Page 1 of 1

v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 12:01 pm
by emils
RouterOS version 6.48 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48 (2020-Dec-22 11:20):

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 1:24 pm
by Jotne
Nice Christmas present :)

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 1:40 pm
by osc86
Trusted checkbox appears twice in Bridge -> Ports -> <interface> -> General

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 1:49 pm
by kd2pm2
Upgraded my 2011 and 4011....time to test and see what happens.

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 3:35 pm
by Chupaka
dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
Only dynamic static?..

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 3:51 pm
by tomaskir
That's one huge changelog - the stability fixes for ARM are much welcomed.

After the upgrade, "/export compact" without any reconfiguration shows 2 new changes from "default":

Image
...
Image

What has changed in the defaults for user groups and neighbor discovery?

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 9:14 pm
by TimothyKoval
Setting firmware auto upgrade to each no or yes crashes my RB3011, working fine on cAP ac and CRS112
/system routerboard settings set auto-upgrade=yes

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 10:03 pm
by erlinden
I see the following error in the log (every 30 min):
IPsec-SA expired before finishing rekey
Haven't seen this issue in the current LTS and the 6.47.x releases.

Found this answer in the topic, hope it helps:
viewtopic.php?f=2&t=159536&p=783686&hil ... ey#p784468

Re: v6.48 [stable] is released!

Posted: Wed Dec 23, 2020 10:18 pm
by MartijnVdS
Do these multicast fixes mean IPv6 will work better again?

Because my routers keep forgetting to respond to IPv6 neighbor solicitations over multicast after a while. Meaning it _seems_ to work for a while.. and then when you leave it breaks.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 12:18 am
by Guscht
*) branding - fixed LCD logo loading from new style branding package;
How can we add a LCD logo? It would be great to add a custom image with our company logo and the Router-Name.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 1:43 am
by brbsh
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 1:54 am
by kevinb361
Just updated the following all working great so far!

CCR 1009, CSR 326, and two wAP AC's

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:09 am
by ID
*) branding - fixed LCD logo loading from new style branding package;
How can we add a LCD logo? It would be great to add a custom image with our company logo and the Router-Name.
Didn't test it yet but at mikrotik client area choose " Branding maker " and select category as "LCD Logo" upload it and create package for branding.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:14 am
by dadoremix
we are waiting for 6.48.5 .. stable release is beta channel

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:27 am
by mducharme
What has changed in the defaults for user groups and neighbor discovery?
I'm not sure about neighbor discovery, but in user groups it appears that the group "full" does not have the "dude" policy enabled by default.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:42 am
by mducharme
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
I am a bit puzzled by this fix as even though our clients are mostly dual stack, and our ACS URL has both A and AAAA records and is listening on IPv4 and IPv6, I've never seen the clients ever attempt to connect to the ACS via IPv6, only IPv4. Until now I assumed that the TR069 client on MikroTik had support for IPv4 only and not IPv6. Under what circumstances will the TR069 client attempt a connection via IPv6?

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 3:20 am
by krafg
Updated all my devices and for now all is working fine.

Regards.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 3:57 am
by dioeyandika
hem after upgrade system health not showing voltage and temperature RB 750G r3 Image

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 4:09 am
by G2Dolphin
*) m33g - added support for "/system gpio" menu (CLI only);
I don't have M33g, but... does that allow us to play with unused GPIOs for simple stuff like turning some load on and off with relays or having additional status LEDs? That would be awesome! :D

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 8:21 am
by psybernoid
On my CRS326-24G-2S+ after updating I no longer have any interfaces nor will the device reboot cleanly.

This is the output from terminal:
[admin@CRS326] > /interface
[admin@CRS326] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
[admin@CRS326] /interface> /system reboot
Reboot, yes? [y/N]:
y
system will reboot shortly

Rebooting...
failed to stop ipsec: std failure: timeout (13)
failed to stop route: std failure: timeout (13)

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 10:19 am
by jcmerg
On my CRS326-24G-2S+ after updating I no longer have any interfaces nor will the device reboot cleanly.

This is the output from terminal:
[admin@CRS326] > /interface
[admin@CRS326] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
[admin@CRS326] /interface> /system reboot
Reboot, yes? [y/N]:
y
system will reboot shortly

Rebooting...
failed to stop ipsec: std failure: timeout (13)
failed to stop route: std failure: timeout (13)
Same Issue here, i've removed all lacp bonding interfaces from the bridge, after that, the switch worked fine, so i downgraded to the last 6.47.x

I've also tried a factory reset and reconfiguration with a export backup .... same issue.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 10:30 am
by DarkNate
RB450Gx4. Smooth upgrade, no problems, no errors, nothing. Perfect.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 1:04 pm
by elbob2002
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
Same here on my RB3011. My WAN port was on ether 2 and kept flapping.

Moved it to ether10 and now have a stable WAN connection again but obviously the flapping issue isn't resolved.

Before moving to ether 10 I turned autonegotiation off but no luck.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 1:37 pm
by psybernoid
Same Issue here, i've removed all lacp bonding interfaces from the bridge, after that, the switch worked fine, so i downgraded to the last 6.47.x

I've also tried a factory reset and reconfiguration with a export backup .... same issue.
Ahh. I have 3 LACP bonds on mine. I may well be having the same issue then.

Though how did you remove the bonds if the interfaces where not showing?

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:15 pm
by R00tKit
Sadly I confirm the problem with Several RB3011. The switch chip of ports 1-5 works erratically after the upgrade.
All my PPPoE connections on those ports (usually 1,2) started flapping.
Switching to ports 6-10 worked for me, but this is kind of serious.

Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS. I think I will revert to the older version for now

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:42 pm
by nimbo78
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
same here
bridge with rstp and hw offload, rb3011 with upgraded RouterBoard
on ether6-ether10 all good

"stable" :)

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 2:48 pm
by biomesh
I upgraded the following without any issues:

Crs326-24g-2s+ (with lacp bond), crs317, ccr1009, cap ac, wap ac, hap ac2, hap mini, chr, rb921gs.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 3:01 pm
by andkar
Hi,

Hap AC2 - ok so far.
RB3011 - port flapping (like others noted)

Software QA.needs improvements.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 3:45 pm
by staticsafe
Time for me to ask again, is the bug with the SFP ports not working fixed in this version?

I really want to upgrade my hAP ac to latest :)

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 4:01 pm
by shavenne
6.48 is the same as rc1 I guess? So this =>
Tried to update my switches at home (CRS112-8P-4S, CRS112-8G-4S, CRS309-1G-8S+, CRS328-24P-4S+) to 6.48beta40 yesterday (6.47.4 before).
For some reason all clients stopped getting IPv6 addresses from my RB4011 (with 7.1beta2) then.
I started downgrading the firmware on the CRS328-24P-4S+ (to which the RB4011 is also connected) and all clients connected to it were getting IPv6 addresses again.
I still had to downgrade the other switches too to obtain IPv6 there also.

I find it quite strange as I'm not using any routing or firewall functions on the switches. Actually just VLANs (all IPv6 clients are in a seperate vlan) and nothing else.
Any idea what's going wrong?
Tried the same with 6.48rc1 today. Still the same problem :(
Downgraded to 6.47.8 and it works again immediately.
will remain, right??

This is my config:
# dec/24/2020 14:59:11 by RouterOS 6.47.8
# software id = 76F0-EZPJ
#
# model = CRS328-24P-4S+
# serial number = A1A10A614FF6
/interface bridge
add admin-mac=74:4D:28:D3:63:6B auto-mac=no comment=defconf igmp-snooping=yes \
    name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=pi.home
set [ find default-name=ether2 ] comment="Kamera Hof"
set [ find default-name=ether5 ] comment="Deep-Thought Intel-Karte"
set [ find default-name=ether6 ] comment=Slow-Thought
set [ find default-name=ether11 ] comment=TV
set [ find default-name=ether13 ] comment=HTPC
set [ find default-name=ether14 ] comment=AV-Receiver
set [ find default-name=ether22 ] comment="Freifunk Hotspot (Hof)"
set [ find default-name=ether23 ] comment=\
    "Unifi AP + plastikschleuder.home (RPi)"
set [ find default-name=ether24 ] comment="WAN LTE"
set [ find default-name=sfp-sfpplus1 ] comment="Zum Keller"
set [ find default-name=sfp-sfpplus2 ] comment="Deep-Thought 10G"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp"
add name=prometheus policy="read,winbox,api,!local,!telnet,!ssh,!ftp,!reboot,!wr\
    ite,!policy,!test,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22 pvid=31
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge comment="IPv6 only" tagged=sfp-sfpplus1,ether5 vlan-ids=66
add bridge=bridge comment="WAN Freifunk" tagged=\
    sfp-sfpplus1,ether23,ether24,sfp-sfpplus2,ether13,ether10 vlan-ids=12
add bridge=bridge comment="Freifunk Hotspot" tagged=sfp-sfpplus1,ether5 \
    untagged=ether22 vlan-ids=31
add bridge=bridge comment=VoIP tagged=sfp-sfpplus1,ether23,ether24 vlan-ids=21
add bridge=bridge comment="WAN FTTH1" tagged=sfp-sfpplus1,ether17 vlan-ids=4001
add bridge=bridge comment="WAN FTTH2" tagged=sfp-sfpplus1,ether17 vlan-ids=4002
add bridge=bridge comment="WWW \FCber bridge-pi" tagged=sfp-sfpplus1,ether17 \
    vlan-ids=4050
add bridge=bridge comment="Freifunk Hotspot (Balkon)" tagged=\
    sfp-sfpplus1,ether5 vlan-ids=32
add bridge=bridge comment="IPv6 Pool 2" tagged=sfp-sfpplus1,ether5 vlan-ids=67
add bridge=bridge comment="WAN LTE" tagged=sfp-sfpplus1,ether24 vlan-ids=4010
add bridge=bridge comment=IceCC tagged=ether5,sfp-sfpplus1 vlan-ids=530
/ip address
add address=192.168.90.7/24 interface=bridge network=192.168.90.0
/ip dns
set servers=192.168.90.1
/ip firewall filter
add action=accept chain=output
add action=accept chain=input
/ip route
add distance=1 gateway=192.168.90.1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=SW_WohnungOben
/system ntp client
set enabled=yes primary-ntp=62.108.36.235 secondary-ntp=46.165.221.137
/system package update
set channel=testing
/system routerboard settings
set boot-os=router-os
/system swos
set address-acquisition-mode=static allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,p9\
    ,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27,p28\
    " identity=SW_WohnungOben static-ip-address=192.168.90.7
(exported from v6.47.8)

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 4:09 pm
by jcmerg
Same Issue here, i've removed all lacp bonding interfaces from the bridge, after that, the switch worked fine, so i downgraded to the last 6.47.x

I've also tried a factory reset and reconfiguration with a export backup .... same issue.
Ahh. I have 3 LACP bonds on mine. I may well be having the same issue then.

Though how did you remove the bonds if the interfaces where not showing?
Simply unplug all bond members and boot the switch, the issue occures only when the bond interfaces in the bridge are up and active

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 4:18 pm
by guruniverse
Did not receive SMS messages in inbox after upgrade anymore. Downgrading to previous stable version (6.46.8) fixed the issue.

Running a RBLTAP-2HND&R11E-LTE (MMIPS architecture).

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 4:43 pm
by newrealsprl
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
Same for me
3011 1-5 flapping

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 5:22 pm
by nostromog
What's new in 6.48 (2020-Dec-22 11:20):
(...)
*) interface - fixed pwr-line running state (introduced in v6.45);
Difficult to know what this means, can anyone clarify?

A couple of pwr-line power sources for a couple of mAP Lite routers have stopped a strange behaviour they were showing, flashing all lights in a ~10 seconds pattern (that I had already reported months ago) and was waiting for feedback more than one month ago. Last they sent me a firmware that made disappear the interface...

It is still not working with 6.48, though, even with both pwr-line adaptors in the same extension cord they don't link together... But now at least the behaviour doesn't look broken, just no traffic across the wire...

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 5:32 pm
by bmatic
hem after upgrade system health not showing voltage and temperature RB 750G r3 Image
I can confirm the problem on RB750Gr3 and RB760iGS .

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 5:45 pm
by mikruser
why are you upgrading to beta-version?
it has been repeatedly said that
"long-term" = Stable
"stable" = Beta
"testing" = Alpha

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 5:54 pm
by dannym
This new release "make" my 24.12 day...
Rb2011 works fine after update
Rb941/ Rb931 works fine after update
Rb 4011 and 3011 are down...
Last stable releases are total mess.

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 6:07 pm
by rushlife
rb3011 flapping, 1500 linkdowns for about 30 minutes

rb4011 seems to be fine

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 6:27 pm
by Guscht
What are "Port Extensions"?
Image

No single word in any Mikrotik wiki...

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 6:37 pm
by npeca75
What are "Port Extensions"

No single word in any Mikrotik wiki...
Hi
You could find useful info here:
https://help.mikrotik.com/docs/display/ ... t+Extender

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 7:15 pm
by FurfangosFrigyes
- RB3011 port flapping
- CRS328 24p 4s+ crashed if the device has bonded interfaces

- RB4011 ok
- CAP AC ok
- HAP AC3 ok
- CHR ok
- HAP AC2 ok

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 7:32 pm
by deweydb
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
confirmed on our RouterBOARD 3011UiAS

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 10:21 pm
by npeca75
rb3011 flapping, 1500 linkdowns for about 30 minutes

rb4011 seems to be fine
Hi @rushlife
I like to ask you, did you upgrade FW (bios) on your 3011 ?

I ask this because my 3011 is up with v6.48 and it is stable - NULL link down's , all ETH ports 1G, up without problems
but i forgot to update FW (bios), it is still 6.47.8

so now i am afraid to update/reboot because i am remote until next year

Re: v6.48 [stable] is released!

Posted: Thu Dec 24, 2020 11:06 pm
by Ivoshiee
Why does a reboot will erase files from the flash? Image file update and erasing that file was a normal, but why some other files need to go?

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 12:27 am
by nwa
this is the reason why you don´t touch an running system on the holidays.... but i do......... my bad...........
3011 is broken, links down... downgrade with trouble... nice.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 1:00 am
by FabioA
Sorry i report a problem with PwrLine. After upgrade to 6.48, my two devices (model PL7411-2nD) don't pair.
After reboot, change settings, more and more.. nothing. Downgrade to long term, all change to ok. Untill 6.47.8 everything works fine.
ps: ether1, pwr-line1, wlan (off) all on bridge-local with no protocol (stp, rstp, etc...).

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 3:15 am
by ganewbie
rb3011 flapping, 1500 linkdowns for about 30 minutes

rb4011 seems to be fine
Hi @rushlife
I like to ask you, did you upgrade FW (bios) on your 3011 ?

I ask this because my 3011 is up with v6.48 and it is stable - NULL link down's , all ETH ports 1G, up without problems
but i forgot to update FW (bios), it is still 6.47.8

so now i am afraid to update/reboot because i am remote until next year
Do not worry,
We had port flapping with a 3011 router that we updated remotely including the firmware was updated.
Not a big deal, we downgraded to 6.47.8 and our client is stable again.
Good luck

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 6:35 am
by IYARINDRA
Fixed.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 7:49 am
by ksaa
After upgrading my 962UiGS-5HacT2HnT from 6.47.8 to 6.48 I have constant troubles with my SIP phone. When switching on or reconfiguring, it connects to my Asterisk and after some minutes disconnects. Also in Asterisk console I see messages "Peer is lagged/ peer is available" every 30 seconds while the phone is registered. Changing keep alive settings on the phone did not help. After downgrading to 6.46.8 all problems disappeared

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 10:04 am
by rushlife
rb3011 flapping, 1500 linkdowns for about 30 minutes

rb4011 seems to be fine
Hi @rushlife
I like to ask you, did you upgrade FW (bios) on your 3011 ?

I ask this because my 3011 is up with v6.48 and it is stable - NULL link down's , all ETH ports 1G, up without problems
but i forgot to update FW (bios), it is still 6.47.8

so now i am afraid to update/reboot because i am remote until next year
hi, yeah
firmware was also upgraded to 6.48

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 10:08 am
by plisken
*) branding - fixed LCD logo loading from new style branding package;
How can we add a LCD logo? It would be great to add a custom image with our company logo and the Router-Name.
Go to your Mikrotik account,
At the bottom you see other.
Click on branding maker.
Here you can add your logo.
Then you have to load a package into the router.
If this adjustment is loaded in the router.
You can delete it by netinstall. A reset procedure does not delete them.
I wish you a happy holidays and keep it safe.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 11:43 am
by npeca75
rb3011 flapping, 1500 linkdowns for about 30 minutes

rb4011 seems to be fine
Hi @rushlife
I like to ask you, did you upgrade FW (bios) on your 3011 ?

I ask this because my 3011 is up with v6.48 and it is stable - NULL link down's , all ETH ports 1G, up without problems
but i forgot to update FW (bios), it is still 6.47.8

so now i am afraid to update/reboot because i am remote until next year
hi, yeah
firmware was also upgraded to 6.48
So, i could consider lucky that i forget to update FW (second reboot)
Still working without glitch, all ports on 1G FD, HW Offload, 14 Vlans, 65% port utilization
Was in hurry to replace scripting with " *) ppp - added ipv6-routes parameter to secrets menu" before holidays and now i am hoping that power/UPS will remain until first work day

it was my mistake :(
nice christmas present :(

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 12:25 pm
by h17
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
I was having same problem on CRS309-1G-8S+. After a while SFP+ port started constantly flapping every few seconds.
Tried with auto-negotiation turned off. No luck. Had to downgrade to v6.47.8.

Surprisingly, v6.48 on CRS305-1G-4S+ works ok (it's at the other end of that flapping link).

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 1:05 pm
by WirtelPL
hem after upgrade system health not showing voltage and temperature RB 750G r3 Image
I can confirm the problem on RB750Gr3 and RB760iGS .
RBD53iG-5HacD2HnD - the same bug.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 2:42 pm
by stefanosp
what 6.48 did to my RBD52G-5HacD2HnD config:
  • resetted both wireless interfaces
  • removed the bridge
  • removed SSTP-client interface
  • ..
too bad for a MT fan.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 2:57 pm
by shiyiqiang08
@mikrotik
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
The frequency of automatic adjustment CPU can only be up to 716, but it can be manually adjusted to 896 in routerboard

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 3:02 pm
by Hominidae
...no problems here after upgrading 24hrs ago, for

- RB4011, running capsman
- CRS326-24G-2S+-RM, including bond-Interface, VLANs and SFP+ (AOC connect to RB4011)
- cAP-ac

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 6:46 pm
by complex1
Sorry i report a problem with PwrLine. After upgrade to 6.48, my two devices (model PL7411-2nD) don't pair.
After reboot, change settings, more and more.. nothing. Downgrade to long term, all change to ok. Untill 6.47.8 everything works fine.
ps: ether1, pwr-line1, wlan (off) all on bridge-local with no protocol (stp, rstp, etc...).
I am having the exact same problem here.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 8:13 pm
by joedoelv
After upgrading my 962UiGS-5HacT2HnT from 6.47.8 to 6.48 I have constant troubles with my SIP phone. When switching on or reconfiguring, it connects to my Asterisk and after some minutes disconnects. Also in Asterisk console I see messages "Peer is lagged/ peer is available" every 30 seconds while the phone is registered. Changing keep alive settings on the phone did not help. After downgrading to 6.46.8 all problems disappeared
I've seen same behavior on Gigaset N300A IP after upgrading my mom's 951Ui-2HnD to 6.48
After downgrading to 6.46.8 issue got resolved.

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 8:43 pm
by Aytishnikcom
Red Hat (long-term) = Stable
CentOS (stable) = Stable
Fedora (testing) = Beta
why are you upgrading to beta-version?
it has been repeatedly said that
"long-term" = Stable
"stable" = Beta
"testing" = Alpha

Re: v6.48 [stable] is released!

Posted: Fri Dec 25, 2020 10:44 pm
by sterod
Did this update break anyone else's pwr line setup? I have a pwr line pro and at the other end of pwr line AP and the link between them is now incredibly unstable. I had to downgrade to 6.47.8 to restore connectivity.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 1:33 am
by jult
- never mind - using a different PC with netinstall worked.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 2:00 am
by tabareco
My RouterBOARD is offline !

- 6.47.8 to 6.48;
- rb4011igs + 5hacq2hnd-in, connect pppoe for internet access

Remote upgrade, my fault ...
After 7 years of updating without problems (RB750) it generated overconfidence
I have Wait 2 weeks for recovery and access to my server.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 3:13 am
by netraider
After upgrading my 962UiGS-5HacT2HnT from 6.47.8 to 6.48 I have constant troubles with my SIP phone. When switching on or reconfiguring, it connects to my Asterisk and after some minutes disconnects. Also in Asterisk console I see messages "Peer is lagged/ peer is available" every 30 seconds while the phone is registered. Changing keep alive settings on the phone did not help. After downgrading to 6.46.8 all problems disappeared
I've seen same behavior on Gigaset N300A IP after upgrading my mom's 951Ui-2HnD to 6.48
After downgrading to 6.46.8 issue got resolved.
Confirm this! The 6.48 dropped all SIP accounts in my gigaset IP phones to offline. Also I got the problems with access to phone`s webinterface. After downgrade to 6.47.8 everithing works fine again

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 7:10 am
by ksaa
[/quote]

I've seen same behavior on Gigaset N300A IP after upgrading my mom's 951Ui-2HnD to 6.48
After downgrading to 6.46.8 issue got resolved.
[/quote]
Confirm this! The 6.48 dropped all accounts in my gigaset IP phones to offline. Also I got the problems with access to phone`s webinterface. After downgrade everithing works fine again
[/quote]

By the way, my phone is also Gigaset. Tried C595 and C530 bases

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 2:45 pm
by anesthc
I see the following error in the log (every 30 min):
IPsec-SA expired before finishing rekey
Haven't seen this issue in the current LTS and the 6.47.x releases.

Found this answer in the topic, hope it helps:
viewtopic.php?f=2&t=159536&p=783686&hil ... ey#p784468
Nope :(
Getting same issue on my IKE2 tunnels with statically assigned policies and looks that's because
*) ike2 - improved child SA rekeying process;
Now on rekey childs mikrotik send and want proposals without pfs despite pfs-group=ecp521 configured. Similar issue has Windows 7 time ago.

And even when I set pfs-group to none, message
ipsec,error simultaneous rekey

timely appears in logs of mikrotik-to-mikrotik tunnels (obviously, on tunnels MT-strongSwan I get rid of it being disable rekey on swan side)

Should I downgrade or this improvement will be fixed?

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 4:06 pm
by OndrejHolas
Hi all,

I have one spare RB3011 in lab, so I tried to upgrade it to 6.48 to see the problem with port flapping others mention here. So I did:

  • upload ROS 6.48 packages to RB3011 with 6.47.7 (both ROS and firmware)
  • sys reb (ROS upgraded)
  • waited 10 minutes, no port flapping occurred
  • upgraded firmware to 6.48 (sys rou up)
  • sys reb (warm restart)
  • waited 10 minutes, no port flapping occurred
  • sys shut
  • power cycle (cold start)
  • waited 10 minutes, no port flapping occurred

So in my case 6.48 on RB3011 does not (yet?) exhibit the port flapping problem even after cold start (when the new firmware becomes fully effective). But this is a very early box, bought just after 3011's introduction; maybe there are other HW versions of 3011.

Ondrej

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 4:31 pm
by ganewbie
So in my case 6.48 on RB3011 does not (yet?) exhibit the port flapping problem even after cold start (when the new firmware becomes fully effective). But this is a very early box, bought just after 3011's introduction; maybe there are other HW versions of 3011.
Ondrej
In our setup we have 2 WAN ports "ether1 and ether2" and port flapping was present after the upgrade.
Our 3011 is old but maybe not as old as yours it was shipping with firmware 3.41

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 4:34 pm
by eworm
Now on rekey childs mikrotik send and want proposals without pfs despite pfs-group=ecp521 configured. Similar issue has Windows 7 time ago.
With IKEv2 the pfs group is inherited from phase 1, have a look at dh group in profiles. Perfect forward secret should be used even if set to none in proposals.
Correct me if I am wrong, but I think you should set pfs-group to none in proposals on all devices for IKEv2.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 4:40 pm
by OndrejHolas
Our 3011 is old but maybe not as old as yours it was shipping with firmware 3.41
Mine is indeed older, factory firmware is 3.27.

Ondrej

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 4:57 pm
by rpingar
still (6.47.8 too) get ccr2004 crashes on pppoe-clinet interface queue.
No matter what queue's kind, the router crashes.

ticket #[SUP-36923] opened
regards
Ros

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 5:24 pm
by kehrlein
Upgraded several devices without any issues:
- CRS326-24G-2S+ (with bridge, bonding, VLAN, SFP+)
- CRS112-8P-4S (with bridge, bonding, VLAN, SFP)
- RB750GL
- RB760iGS (HeX S)

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 5:35 pm
by erlinden
With IKEv2 the pfs group is inherited from phase 1, have a look at dh group in profiles. Perfect forward secret should be used even if set to none in proposals.
Correct me if I am wrong, but I think you should set pfs-group to none in proposals on all devices for IKEv2.
My current settings:
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256,aes-128 hash-algorithm=sha512 name=site2site-profile
/ip ipsec peer
add address=x.x.x.x comment=site2site exchange-mode=ike2 name=site2site profile=site2site-profile
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=site2site-proposal pfs-group=[b]modp4096[/b]
/ip ipsec identity
add comment=site2site peer=site2site
/ip ipsec policy
add comment=site2site dst-address=192.168.60.0/24 peer=site2site proposal=site2site-proposal sa-dst-address=x.x.x.x sa-src-address=0.0.0.0 \
    src-address=192.168.50.0/24 tunnel=yes
Are you referring to the highlighted pfs-group?

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 6:22 pm
by eworm
Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 6:48 pm
by eworm
See this and the following posts from emils about the details:
viewtopic.php?f=2&t=147769#p740153

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 7:08 pm
by kombinat
What's new in 6.48 (2020-Dec-22 11:20):
(...)
*) interface - fixed pwr-line running state (introduced in v6.45);
A couple of pwr-line power sources for a couple of mAP Lite routers have stopped a strange behaviour they were showing, flashing all lights in a ~10 seconds pattern (that I had already reported months ago) and was waiting for feedback more than one month ago. Last they sent me a firmware that made disappear the interface...

It is still not working with 6.48, though, even with both pwr-line adaptors in the same extension cord they don't link together... But now at least the behaviour doesn't look broken, just no traffic across the wire...
Same happened here, pwr-line devices doesnt pair with 6.48 after downgrade back to 6.47.8 they recovered.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 7:23 pm
by Lemahasta
After upgrade from 6.47.8 IPSEC-IKEV2 from windows 10 client -> mikrotik CCR 1009 using eap-radius stopped working.

After downgrade everything works fine again. RADIUS sends access-accept, windows client tries connecting for some time than just times out.
No errors in mikrotik. Just doesn't work.

Downgrade to 6.47.8 fixes issue.

IPSEC-IKEV2 using strongswan client (for android) works fine in both versions (6.47.8 and 6.48).

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 8:29 pm
by mhaluska
Did this update break anyone else's pwr line setup? I have a pwr line pro and at the other end of pwr line AP and the link between them is now incredibly unstable. I had to downgrade to 6.47.8 to restore connectivity.
I've just lan pwr line (TP-Link TL-PA8030P) in my parents house, working without issue between hap ac2 and rb2011-wifi on 6.48.

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 8:43 pm
by mikelaurense
After upgrading my 962UiGS-5HacT2HnT from 6.47.8 to 6.48 I have constant troubles with my SIP phone. When switching on or reconfiguring, it connects to my Asterisk and after some minutes disconnects. Also in Asterisk console I see messages "Peer is lagged/ peer is available" every 30 seconds while the phone is registered. Changing keep alive settings on the phone did not help. After downgrading to 6.46.8 all problems disappeared
I've seen same behavior on Gigaset N300A IP after upgrading my mom's 951Ui-2HnD to 6.48
After downgrading to 6.46.8 issue got resolved.
Same on Gigaset S850A. Seems this update breaks SIP on multiple phones... any solution, or is downgrading the only option?

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 9:13 pm
by OndrejHolas
Same on Gigaset S850A. Seems this update breaks SIP on multiple phones... any solution, or is downgrading the only option?
What transport do you use for SIP (UDP, TCP, TLS)?
Is the SIP conntrack helper active? (/ip firewall service-port print)

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 10:07 pm
by erlinden
Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.
Thanks, saved my day! Got it working!!

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 11:12 pm
by shahani
1x CCR1036-12G-4S-149
1x CRS328_24p_4s_rm
1x RB4011iGS+5HacQ2HnD-IN
2x RB2011UiAS-2HnD-IN
1x RB952Ui-5ac2nD
upgrading 60hrs ago without any issues

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 11:30 pm
by mikelaurense
Same on Gigaset S850A. Seems this update breaks SIP on multiple phones... any solution, or is downgrading the only option?
What transport do you use for SIP (UDP, TCP, TLS)?
Is the SIP conntrack helper active? (/ip firewall service-port print)
Transport was set to Automatic, but setting it to UDP only or TCP only doesn't make a difference.
I used to have the SIP helper set to on, disabled it today, but that makes no difference as well.

This setup has been working for years, and only broke today after updating to 6.48. I see no other option than downgrading until this bug is fixed.

[edit]
Downgraded to 6.47.8 and the problem is gone

Re: v6.48 [stable] is released!

Posted: Sat Dec 26, 2020 11:50 pm
by jwelstead
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
I have the same problem with eth1 and eth2 dropping every hour approximately on my RB3011, downgrading solved the problem as well.
Hope this will be corrected

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 6:42 am
by sterod
I think the moral to this story is to avoid majors (6.48) and wait until the first minor (6.48.1)

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 9:52 am
by mafiosa
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
I have the same problem with eth1 and eth2 dropping every hour approximately on my RB3011, downgrading solved the problem as well.
Hope this will be corrected
Same here bugtik rb3011

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 11:47 am
by Ozon
Same on Gigaset S850A. Seems this update breaks SIP on multiple phones... any solution, or is downgrading the only option?
Same problems with SIP.

Stopped working:
on hAP ac
on hAP lite x2
on RB951G-2HnD

multiple Gigaset device with and without virtual PBX

all lost connection to PBX

Only helped reverting to 6.48.7

Stuck with downgrading hAP ac - shows 13MB used out of 16 MB

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 12:04 pm
by npeca75
I think the moral to this story is to avoid majors (6.48) and wait until the first minor (6.48.1)
Moral of this story:

1. MKT was forced by sales department to release "new" (7b/6b) versions before christmas without testing
2. Never trust blindly and install anything on holiday season

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 12:08 pm
by OndrejHolas
To someone having problems with SIP phones: Could you please check log of the router with ROS 6.48, whether there are unexpected flapping events (link down/up) or not?

Since the linkdowns last between 1 and 2 seconds (as observed in my lab), it could cause "Lagged" state in Asterisk when qualify probe hits the linkdown state. Maybe the problem is more general and not SIP-specific, although SIP qualify probes can detect short communication outages.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 12:10 pm
by OndrejHolas
Our 3011 is old but maybe not as old as yours it was shipping with firmware 3.41
Mine is indeed older, factory firmware is 3.27.
Finally, my old 3011 started to flap with another NIC connected, so the problem seems to be dependent on connected NIC (or its PHY?) as well.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 12:41 pm
by Ozon
To someone having problems with SIP phones: Could you please check log of the router with ROS 6.48, whether there are unexpected flapping events (link down/up) or not?

Since the linkdowns last between 1 and 2 seconds (as observed in my lab), it could cause "Lagged" state in Asterisk when qualify probe hits the linkdown state. Maybe the problem is more general and not SIP-specific, although SIP qualify probes can detect short communication outages.
nope, link is ok.

upd.

downgraded last 2 devices to 6.47.8

@ MTK - never please release new firmware during holidays. Luck that today is weekend, and everybody is out of office. In another way we could get huge problem without all telephone services working.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 2:52 pm
by biomesh
Are these gigaset devices having issues with the lldp med options added?

My asterisk, grandstream, and obihai (polycom) devices all work fine.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 4:32 pm
by ksaa
Are these gigaset devices having issues with the lldp med options added?

My asterisk, grandstream, and obihai (polycom) devices all work fine.
Hm... It seems you are right. I turned off all protocols in IP-Neighbours and... 10 minutes.... and my phone is ok. Before theese changes it would lose connection 100%... Thank you :)

upd. Switching off LLDP only maker disconnects less often, leaving only CDP is 100% safe

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 5:55 pm
by OndrejHolas
With IKEv2 the pfs group is inherited from phase 1, have a look at dh group in profiles. Perfect forward secret should be used even if set to none in proposals.
Correct me if I am wrong, but I think you should set pfs-group to none in proposals on all devices for IKEv2.
Just to clarify, in IKEv2, phase 2 PFS group is not inherited from phase 1. During IKE SA init phase, when phase 1 keying material is negotiated (using group configured at the phase 1 level) and also phase 2 "create child SA" is requested, this time the phase 2 derives its keys from phase 1 keying material, so in this case there's really no need to negotiate PFS group at the phase 2 level (for example Strongswan is quite liberal here and matches proposals from both peers even if their PFS groups don't match).

Different situation is during phase 2 rekeying, when peers are required to have common PFS group, as there's need to negotiate new keys from scratch. Or, if both peers have PFS group unconfigured, rekeying is done based on previously used keying material, lacking advantage of PFS.

Thus, in IKEv2, the PFS group configured at the phase 2 level is used the same way as in IKEv1 except the initial contact.

6.47.8 and 6.48 send different proposals during phase 2 rekey, 6.48 omits the configured PFS group in proposal sent, 6.47.8 includes it (can be seen in Strongswan logs at the other side).

Setting PFS group to none makes the rekeying work with 6.48, although the rekey process is then weaker due to lacking PFS.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 8:12 pm
by samasd
updated all my routers there was a weird problem in one of 750g routers bridge port , all the clients could ping the upper router except the router itself ! had to remove bridge and its ports and add it again, the arp was good and it was working with no problem with 6.47.8

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 10:04 pm
by zandhaas
Upgrade on my 750Gr3 OK Also the system health is showing power and temp
Upgrade on HAP ac2 is also OK

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 10:23 pm
by Kindis
To someone having problems with SIP phones: Could you please check log of the router with ROS 6.48, whether there are unexpected flapping events (link down/up) or not?

Since the linkdowns last between 1 and 2 seconds (as observed in my lab), it could cause "Lagged" state in Asterisk when qualify probe hits the linkdown state. Maybe the problem is more general and not SIP-specific, although SIP qualify probes can detect short communication outages.
nope, link is ok.

upd.

downgraded last 2 devices to 6.47.8

@ MTK - never please release new firmware during holidays. Luck that today is weekend, and everybody is out of office. In another way we could get huge problem without all telephone services working.
You cannot be serious with this. How are they responsible for anyone deploying this in production just before the holiday's? Testing fine but not actual prod. We freeze all prod equipment around 18th of Dec to 11th of Jan and do not allow any upgrades/changes unless it is an emergency.
If it is this important I recommend you use Long-term instead as they tend to be better in term of version change but always test first.

Re: v6.48 [stable] is released!

Posted: Sun Dec 27, 2020 11:11 pm
by Guscht
hotspot - added support for captive portal advertising using DHCP (RFC7710)
Any information regarding this?
Is there a new option somewhere in the HotSpot section or in the DHCP section? Or is this a "hidden" background feature?

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 1:51 am
by Trunkz
Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.
Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly:
# model = RB4011iGS+5HacQ2HnD
# serial number = xxxx
/ip ipsec profile
add dh-group=ecp521 enc-algorithm=aes-256 name=xxxx
/ip ipsec peer
add address=xxxx/32 exchange-mode=ike2 name=xxxx profile=xxxx
/ip ipsec proposal
add enc-algorithms=aes-256-cbc name=xxxx pfs-group=ecp521
/ip ipsec identity
add peer=xxxx secret=xxxx
/ip ipsec policy
add dst-address=xxxx/24 peer=xxxx proposal=xxxx sa-dst-address=xxxx sa-src-address=xxxx src-address=xxxx/25 tunnel=yes

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 4:44 am
by spiritamokk
After upgrading all our routers (mix of different models: CCR, RB1100AHx4 and CHR) bumped into an issue that IPSec tunnels (GRE based) after Phase 1 is expired Phase 2 fails to form. Before upgrade those tunnels were rock solid for the last 3+ years and survived multiple upgrades.

Active peer shows expired and established Phase 1, but new phase is not passing any traffic. Phase 2 is till shows as associated with expired phase 1
https://prntscr.com/wb5rda

On the Phase 2 (Policies) it looks like it doesn't have info on what flow to encrypt.
https://prnt.sc/wb5u4a

Tunnel configuration on both ends is the same and tunnel is built from behind the firewall with dedicated 1:1 NAT on both ends of the tunnel.

/interface gre
add !keepalive name=GRE-VPN-WEST remote-address=XX.XX.XX.XX

/ip ipsec peer
add address=XX.XX.XX.XX/32 name=VPN-WEST-PEER profile=\
"Default EMS PHASE 1"

/ip ipsec policy
add dst-address=XX.XX.XX.XX/32 peer=VPN-WEST-PEER proposal=\
"Default EMS PHASE 2" src-address=YY.YY.YY.YY/32 (public NAT)

/ip ipsec profile
add dh-group=modp6144 enc-algorithm=aes-256 hash-algorithm=sha512 name=\
"Default EMS PHASE 1"

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-192-cbc lifetime=1h
add enc-algorithms=aes-192-cbc lifetime=1h name="Default EMS PHASE 2"

Please help if you experiencing similar issues as I have no idea where to even start troubleshooting.

Thanks

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 9:42 am
by valemal
Time for me to ask again, is the bug with the SFP ports not working fixed in this version?

(my MikroTik hAP ac RB962UiGS-5HacT2HnT View this servicedesk in support portal )

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:00 am
by eddieb
Time for me to ask again, is the bug with the SFP ports not working fixed in this version?

(my MikroTik hAP ac RB962UiGS-5HacT2HnT View this servicedesk in support portal )
Your issue might be depending on the type of SFP you use,
I have 4pc of RB962UiGS-5HacT2HnT with Mikrotik SFP's and they work fine
You should contact support directly ....

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:06 am
by dg1kwa
IGMP Snooping not work correct with this release.

4x rb2011, 1x CRS106 and 1x HeX

After some minutes the MDB-table is empthy and the multicast flood to all ports :(

Try different settings, not help.

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:29 am
by huntermic
IGMP Snooping not work correct with this release.

4x rb2011, 1x CRS106 and 1x HeX

After some minutes the MDB-table is empthy and the multicast flood to all ports :(

Try different settings, not help.
No issues with IGMP Snooping here using RB4011 and a couple of HAP AC2 devices

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:39 am
by dg1kwa
IGMP Snooping not work correct with this release.

4x rb2011, 1x CRS106 and 1x HeX

After some minutes the MDB-table is empthy and the multicast flood to all ports :(

Try different settings, not help.
No issues with IGMP Snooping here using RB4011 and a couple of HAP AC2 devices
I switch igmp snooping on, set version to v3. Then the MDB Table start to filling and 1-2 minute later mdb table is empty and multicast traffic flood to all ports :(

With 6.47.8 was all ok

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:42 am
by huntermic
IGMP Snooping not work correct with this release.

4x rb2011, 1x CRS106 and 1x HeX

After some minutes the MDB-table is empthy and the multicast flood to all ports :(

Try different settings, not help.
No issues with IGMP Snooping here using RB4011 and a couple of HAP AC2 devices
I switch igmp snooping on, set version to v3. Then the MDB Table start to filling and 1-2 minute later mdb table is empty and multicast traffic flood to all ports :(

With 6.47.8 was all ok
I'm using IGMP version 2

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:45 am
by andrzej
cAP ac works OK.
CRS112-8P-4S my network places ver 6.46.8 (long-term) i can see my network shares and dlna servers
Image
After upgrade to 6.48
Image

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:47 am
by eworm
Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly:
Yes, they establish correctly. But do they rekey without issue? Have a look at your log...

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:52 am
by eworm
Please help if you experiencing similar issues as I have no idea where to even start troubleshooting.
Have a look above, IPSec issues have been discussed before.

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 12:23 pm
by Ozon
You cannot be serious with this. How are they responsible for anyone deploying this in production just before the holiday's? Testing fine but not actual prod. We freeze all prod equipment around 18th of Dec to 11th of Jan and do not allow any upgrades/changes unless it is an emergency.
If it is this important I recommend you use Long-term instead as they tend to be better in term of version change but always test first.
Customer is always right. Why customer can't use as it marked as stable?

Anyway i'm in contact with support now, they suggested to turn off LLDP
/ip neighbor discovery-settings set protocol=cdp,mndp

UPD:
this doesn't help

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 12:27 pm
by strods
osc86, mducharme, dioeyandika, psybernoid, jcmerg, brbsh, elbob2002, R00tKit, nimbo78, andkar, newrealsprl, nostromog, bmatic, rushlife, FurfangosFrigyes, deweydb, nwa, FabioA, ganewbie, h17, WirtelPL, complex1, sterod, ganewbie, kombinat, jwelstead, mafiosa, OndrejHolas - Thank you for your reports. These issues will be resolved in the upcoming RouterOS releases.

tomaskir - Is this on a router that was just reset?
TimothyKoval - What do you mean exactly by "crashes"?
MartijnVdS, staticsafe - Have you reported this to support with more details (supout file, pcap files, etc.)?
guruniverse - Can you please provide a supout file from such a router that would be generated right after the router should have received an SMS?
Ivoshiee - If the device has a directory named "flash" in its file list, then files which you want to be kept after system reboot/power cycle must be stored within it. As anything outside of it is kept within a RAM disk and will be lost upon reboot. Note: this does not include .npk upgrade files as they will be applied by the upgrade process before the system discards the RAM drive content.
IYARINDRA, tabareco, netraider, Lemahasta, mikelaurense, samasd, dg1kwa - Can you please provide supout file to support@mikrotik.com from this problematic router?
ksaa, joedoelv, netraider, Ozon, OndrejHolas - Can you please provide supout file to support support@mikrotik.com if you have not done that already? We are currently looking into this.
stefanosp - Did the router simply rever to the default configuration? Is it possible that the reset button is stuck?
npeca75 - No, this is not why we did release new free RouterOS versions for you.
valemal - To which support ticket do you refer to?

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 1:06 pm
by timsi
I confirm the problem with SIP connections on this firmware.
I have a bundle of Gigaset C610A IP + RBD52G-5HacD2HnD. When upgrading to 6.48 started constant disconnections with SIP servers. Unfortunately, the Gigaset C610A IP doesn't provide any additional information about the problems (logs). After downgrading to 6.46.8 everything was normal (as been).

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 1:40 pm
by nithinkumar2000
For Delegated-IPv6-Prefix - any chance of adding the feature address-change-immediate-update like in Juniper? https://kb.juniper.net/InfoCenter/index ... id=KB31659

You already are doing RADIUS accounting for the DHCPv6-PD session for a PPPoE tunnel, but it is a different session. The address-change-immediate-update setting causes that Delegated-IPv6-Prefix to be copied to the PPPoE session itself. Then the DHCPv6-PD prefix is linked to the PPPoE session as well in RADIUS rather than only being a separate session.

Same Request from me also....

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 2:22 pm
by dg1kwa
osc86, mducharme, dioeyandika, psybernoid, jcmerg, brbsh, elbob2002, R00tKit, nimbo78, andkar, newrealsprl, nostromog, bmatic, rushlife, FurfangosFrigyes, deweydb, nwa, FabioA, ganewbie, h17, WirtelPL, complex1, sterod, ganewbie, kombinat, jwelstead, mafiosa, OndrejHolas - Thank you for your reports. These issues will be resolved in the upcoming RouterOS releases.

tomaskir - Is this on a router that was just reset?
TimothyKoval - What do you mean exactly by "crashes"?
MartijnVdS, staticsafe - Have you reported this to support with more details (supout file, pcap files, etc.)?
guruniverse - Can you please provide a supout file from such a router that would be generated right after the router should have received an SMS?
Ivoshiee - If the device has a directory named "flash" in its file list, then files which you want to be kept after system reboot/power cycle must be stored within it. As anything outside of it is kept within a RAM disk and will be lost upon reboot. Note: this does not include .npk upgrade files as they will be applied by the upgrade process before the system discards the RAM drive content.
IYARINDRA, tabareco, netraider, Lemahasta, mikelaurense, samasd, dg1kwa - Can you please provide supout file to support@mikrotik.com from this problematic router?
ksaa, joedoelv, netraider, Ozon, OndrejHolas - Can you please provide supout file to support support@mikrotik.com if you have not done that already? We are currently looking into this.
stefanosp - Did the router simply rever to the default configuration? Is it possible that the reset button is stuck?
npeca75 - No, this is not why we did release new free RouterOS versions for you.
valemal - To which support ticket do you refer to?
I send already.
Two new information:
1. MDB Table at all router full (more than 1048 entrys from IPv6-address) then next moment it is empthy
2. on one Router I disable IPv6. Now I have only 5 ipv4 address at mdb table at igmp snopping still work

In not use IPv6-Multicast for IP-TV!

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 2:33 pm
by mkx
I confirm the problem with SIP connections on this firmware.
I have a bundle of Gigaset C610A IP + RBD52G-5HacD2HnD.
Did you bother to read a few posts before your own? It was suggested to disable LLDP and (at least for some users) this fixes the SIP problem with Gigaset phones.

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 2:39 pm
by valemal
osc86, mducharme, dioeyandika, psybernoid, jcmerg, brbsh, elbob2002, R00tKit, nimbo78, andkar, newrealsprl, nostromog, bmatic, rushlife, FurfangosFrigyes, deweydb, nwa, FabioA, ganewbie, h17, WirtelPL, complex1, sterod, ganewbie, kombinat, jwelstead, mafiosa, OndrejHolas - Thank you for your reports. These issues will be resolved in the upcoming RouterOS releases.
valemal - To which support ticket do you refer to?
SUP-33662

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 3:16 pm
by Ozon
ksaa, joedoelv, netraider, Ozon, OndrejHolas - Can you please provide supout file to support support@mikrotik.com if you have not done that already? We are currently looking into this.
done, SUP-37406

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 4:52 pm
by valemal
Time for me to ask again, is the bug with the SFP ports not working fixed in this version?

(my MikroTik hAP ac RB962UiGS-5HacT2HnT View this servicedesk in support portal )
Your issue might be depending on the type of SFP you use,
I have 4pc of RB962UiGS-5HacT2HnT with Mikrotik SFP's and they work fine
You should contact support directly ....
The SFP module has been tested on MikroTik RB4011iGS + 5HacQ2HnD-IN and has no such issue. But at the same time, there is a problem in the MikroTik hAP ac RB962UiGS-5HacT2HnT router. therefore, I think that the problem is in the RB962UiGS-5HacT2HnT router

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 5:52 pm
by spiritamokk
Please help if you experiencing similar issues as I have no idea where to even start troubleshooting.
Have a look above, IPSec issues have been discussed before.
Thank you, I've read it all but nothing that would cover my case with IKEv1

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 7:00 pm
by hci
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
Same here on my RB3011. My WAN port was on ether 2 and kept flapping.

Moved it to ether10 and now have a stable WAN connection again but obviously the flapping issue isn't resolved.

Before moving to ether 10 I turned autonegotiation off but no luck.
We experienced port flapping on RB3011 too. Flapped about every 10 seconds or so. Were only using ethernet ports 1 and 10. Moved device in port 10 to port 5 and issue went away. Port 10 was in bridge group with an EoiP tunnel.

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 9:27 pm
by hatred
DoH related memory leak reported in SUP-31833 is not fixed in this release.

Re: v6.48 [stable] is released!

Posted: Mon Dec 28, 2020 10:56 pm
by raystream
Port Flapping on RB3011.
great now i am trying to get around but the suggested workaround is not working for me.

that is not really a stable release.
the statement: improved arm stability is wrong.

never had such a bad update from mikrotik.

will go back to long term version

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 12:21 am
by dad2312
Sorry i report a problem with PwrLine. After upgrade to 6.48, my two devices (model PL7411-2nD) don't pair.
After reboot, change settings, more and more.. nothing. Downgrade to long term, all change to ok. Untill 6.47.8 everything works fine.
ps: ether1, pwr-line1, wlan (off) all on bridge-local with no protocol (stp, rstp, etc...).
+1

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 12:47 am
by anesthc
Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly:
Yes, they establish correctly. But do they rekey without issue? Have a look at your log...
Started SUP-37534.

First issue - "IPsec-SA expired before finishing rekey" caused by wrong proposal coming from the side initating child SA rekey. I'm not sure that setting pfs-group to none and using IKE DH (happening once per IKE lifetime) is proper and secure solution.
Second issue - both sides are trying to rekey child SA no matter if one of them set as passive (responder-only) and it's also very undesirable. In case of MT-strongSwan or strongSwan-strongSwan it's at least possible to say rekey=no on particular peer.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 12:51 am
by NTESNick
Port Flapping on RB3011.
great now i am trying to get around but the suggested workaround is not working for me.

that is not really a stable release.
the statement: improved arm stability is wrong.

never had such a bad update from mikrotik.

will go back to long term version
Same issues here :(

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 1:12 am
by mducharme
Has anybody tried the LLDP-MED support yet? The only device I have to test with at home is an old antique Cisco 7941 phone, and although it gets the VLAN ID through LLDP-MED, after it connects to the voice VLAN and gets an IP there, it goes back to the main VLAN, then proceeds to flap back and forth between the default VLAN and the voice VLAN specified through LLDP-MED. However, I'm not sure if it is something weird that this old phone is doing, or whether there is actually an issue with the LLDP-MED implementation.

It is a rather simple setup - just an RB4011 with the phone plugged in to one of the ports, no bridge VLAN filtering used, and a voice VLAN on the bridge.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 1:45 am
by netraider
I confirm the problem with SIP connections on this firmware.
I have a bundle of Gigaset C610A IP + RBD52G-5HacD2HnD. When upgrading to 6.48 started constant disconnections with SIP servers. Unfortunately, the Gigaset C610A IP doesn't provide any additional information about the problems (logs). After downgrading to 6.46.8 everything was normal (as been).
I have exactly the same situation. In Asterisk logs there are disconnections without any reasons and there are no new attempts to reconnects. It looks like Mikrotik is dropping them. Rolling back to previous RouterOS is fully solve the problem.
Also I see a lot of posts about this problem on other network related forums.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 1:53 am
by anav
) defconf - improved CAP interface bridging;

What does this mean???

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 2:04 am
by tomaskir
tomaskir - Is this on a router that was just reset?

No reset, this was a fully configured router on an older version updated to 6.48 without any changes.
Before and after upgrade an "/export compact" was taken, and these 2 were diff-ed.

This resulted in the changeset you see - looks like the defaults changed in 6.48.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 2:17 am
by mducharme
It is a rather simple setup - just an RB4011 with the phone plugged in to one of the ports, no bridge VLAN filtering used, and a voice VLAN on the bridge.
Update - I figured out the issue. Every minute or so, the router was sending out an LLDP packet to the phone on both the bridge itself (untagged) and the VLAN interface. The packet from the VLAN interface came just after the packet from the bridge itself.

Normally, the extra LLDP packet that is tagged with the VLAN tag wouldn't cause a major issue, but in this case, it seems that MikroTik is for some reason including the LLDP-MED info only in the packet from "bridge" and not in the packet from the "Voice_VLAN" VLAN interface. Presumably, this is to prevent Q-in-Q or something along those lines. The problem is, however, that the phone interprets this tagged LLDP packet with no LLDP-MED voice vlan specified as an indication that there is no voice VLAN. So that makes it go back to the main untagged VLAN. Once it is on the main untagged VLAN, it is only a matter of time until it gets another LLDP packet from "bridge" with LLDP-MED specified, which makes it go back to the voice VLAN. Now that is back on the voice VLAN, it is only a matter of time until it gets an LLDP packet from the voice vlan with LLDP-MED missing, which makes it think there is no voice VLAN and it switches to untagged. This results in the flapping behaviour that I observed.

For now I have worked around this by purposely creating an interface list that excludes the voice VLAN, so that when the phone is on the VLAN, it only receives the one LLDP packet from "bridge" rather than two LLDP packets from both "bridge" and "Voice_VLAN". It seems that because the Voice_VLAN packet arrives slightly after the packet from bridge, the Voice_VLAN packet with missing voice VLAN ID wins, which causes the phone to flap.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 2:57 am
by mducharme
One further update: If I create a second VLAN on the bridge, the phone starts flapping again between untagged and voice vlan tagged. It appears that once it is on the voice vlan, it starts to process any VLAN tagged LLDP packets, even those that are for a completely unrelated VLAN (i.e. it is ignoring the VLAN ID in the tag and just processing LLDP packets tagged for any VLAN). The workaround of using an interface list to prevent this issue then has to include all VLAN interfaces, not just the voice VLAN, otherwise the phone sees the LLDP packet tagged for the other VLAN and decides to switch back to untagged.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 3:43 am
by mducharme
Another issue - the bridging by default forwards LLDP frames from other devices. The issue is that if the VoIP phone receives one of these (and mine has), it will flap back to untagged VLAN since the other device's LLDP frame is missing the LLDP-MED Network Policy VLAN. IMO, it would be ideal if there was a relatively easy way of stopping this. Maybe if bridge VLAN filtering is enabled, it will behave differently (I'm not sure if LLDP/CDP frames from other devices are forwarded when bridge vlan filtering is enabled), but it would be great if this were better documented.

EDIT: I tried enabling bridge vlan filtering, it didn't change anything regarding the behavior of LLDP and CDP. I was able to partially work around the issue by disabling hardware offload on all ports and creating a bridge filter as follows:
/interface bridge filter
add action=drop chain=forward comment="Block LLDP forwarding" mac-protocol=lldp
add action=drop chain=forward comment="Block CDP forwarding" dst-mac-address=01:00:0C:CC:CC:CC/FF:FF:FF:FF:FF:FF
But this is not an obvious solution, and this isn't suitable for the CRS switch line where software bridging is much too slow, and also I'm not sure this will help to prevent CDP/LLDP packets with VLAN tags from being forwarded to other ports. It would be ideal if there was a more comprehensive solution for bridges to prevent the forwarding of LLDP or CDP packets from port to port without having to disable hardware offload to accomplish it.

According to this HPE document, LLDP should not be forwarded from port to port under any circumstances: https://techhub.hpe.com/eginfolib/netwo ... 06s12.html

It would make sense to adjust bridging to behave in a similar way so that LLDP is not forwarded.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 9:52 am
by nevolex
Hi guys

@emils

Updated my Audience to 6.48 and secondary wifi 5Ghz band is now not working at all (1733 Mbit/s one) I was using it as my primary network not as mesh

Please see that some setting are now missing for the band 5500 (1733 wirelss network compare to regular 5ghz)

Please fix

https://ibb.co/q1KcY6j

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 11:07 am
by dbeyzade
Testing the new Delegated-IPv6-Prefix via PPPoE software version 6.48

First PPPoE authentication is successful - prefix is assigned from RADIUS

When a second user dials up. There is an error:

could not add dhcpv6 server with pool : server with such name already exists (7)

This seems to stem from the fact the dynamically created DHCPv6 server has no name. Any ideas?

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 11:51 am
by OndrejHolas
LLDP should not be forwarded from port to port under any circumstances
Agreed. AFAIK, special L2 control protocols (especially those using multicast addresses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F), including LLDP, are intended to be "bridge-to-bridge" and their frames should not be forwarded in any case.

Since LLDP provides information about physical port and its capabilities, LLDP encapsulated in frame with 802.1Q VLAN tag makes no sense and can have unexpected results on buggy or incomplete LLDP implementations.

LLDP(-MED) implementation in ROS is very basic from configuration perspective. No control over TLVs sent, no control over accepting LLDP frames (security policy in some organizations require switches to only transmit basic information to identify ports and discard any discovery information received), no support for multiple voice VLANs on single box, no support for additional media VLANs (signalling, video etc.).

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 1:51 pm
by Trunkz
Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly:
Yes, they establish correctly. But do they rekey without issue? Have a look at your log...
You are right. SA expires before rekey. Set pfs to none and will monitor..

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 1:59 pm
by likaon
Updating the hap AC2 device went quickly and well.

whether this update was intended to fix an Accesspoint problem and fix getting IP with wireless clients. I'm saying that I have two Accesspoint TL-WA854RE and asus rp-ac5 devices that cannot broadcast IP.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 2:42 pm
by tomislav91
Trusted checkbox appears twice in Bridge -> Ports -> <interface> -> General
What that use for?

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 2:57 pm
by Jotne
DoH related memory leak reported in SUP-31833 is not fixed in this release.
Hmm, you can guess from the graph when I turned on DoH!!
Open space at the end is when I upgraded to 6.48 and you see memory goes up after upgrade as well.
memory.jpg

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 3:04 pm
by normis
I fixed upload permissions for this section, you can now attach files again

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 3:21 pm
by anav
Jotne, thanks for sharing your near death experience graph from the hospital. ;-)

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 3:29 pm
by Heavy
Port flapping on RB3011 for me too after upgrade to 6.48, i've just opened a support ticket to send the supout file

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 4:17 pm
by Jotne
DoH Turned off, so will see after some days if memory stabilise it self.

@Normis. Thanks, Image uploaded :)

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 6:13 pm
by staticsafe
Time for me to ask again, is the bug with the SFP ports not working fixed in this version?

(my MikroTik hAP ac RB962UiGS-5HacT2HnT View this servicedesk in support portal )
Your issue might be depending on the type of SFP you use,
I have 4pc of RB962UiGS-5HacT2HnT with Mikrotik SFP's and they work fine
You should contact support directly ....
The SFP module has been tested on MikroTik RB4011iGS + 5HacQ2HnD-IN and has no such issue. But at the same time, there is a problem in the MikroTik hAP ac RB962UiGS-5HacT2HnT router. therefore, I think that the problem is in the RB962UiGS-5HacT2HnT router

I am on a hAP AC, the SFP is ALCATELLUCENT G010SP.

Last time I upgraded from v6.46.6, the SFP interface doesn't get link. I can't replace the SFP with a different one as I believe Bell Canada locks the connection to the specific SFP they provide (if I'm incorrect, somebody let me know because then I can try a Mikrotik or other SFP).

AFAIK, Mikrotik is aware of this issue already, it was reported them a while back when 6.47 was first released.

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 6:31 pm
by shavenne
6.48 is the same as rc1 I guess? So this =>
Tried to update my switches at home (CRS112-8P-4S, CRS112-8G-4S, CRS309-1G-8S+, CRS328-24P-4S+) to 6.48beta40 yesterday (6.47.4 before).
For some reason all clients stopped getting IPv6 addresses from my RB4011 (with 7.1beta2) then.
I started downgrading the firmware on the CRS328-24P-4S+ (to which the RB4011 is also connected) and all clients connected to it were getting IPv6 addresses again.
I still had to downgrade the other switches too to obtain IPv6 there also.

I find it quite strange as I'm not using any routing or firewall functions on the switches. Actually just VLANs (all IPv6 clients are in a seperate vlan) and nothing else.
Any idea what's going wrong?
Tried the same with 6.48rc1 today. Still the same problem :(
Downgraded to 6.47.8 and it works again immediately.
will remain, right??

This is my config:
# dec/24/2020 14:59:11 by RouterOS 6.47.8
# software id = 76F0-EZPJ
#
# model = CRS328-24P-4S+
# serial number = A1A10A614FF6
/interface bridge
add admin-mac=74:4D:28:D3:63:6B auto-mac=no comment=defconf igmp-snooping=yes \
    name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=pi.home
set [ find default-name=ether2 ] comment="Kamera Hof"
set [ find default-name=ether5 ] comment="Deep-Thought Intel-Karte"
set [ find default-name=ether6 ] comment=Slow-Thought
set [ find default-name=ether11 ] comment=TV
set [ find default-name=ether13 ] comment=HTPC
set [ find default-name=ether14 ] comment=AV-Receiver
set [ find default-name=ether22 ] comment="Freifunk Hotspot (Hof)"
set [ find default-name=ether23 ] comment=\
    "Unifi AP + plastikschleuder.home (RPi)"
set [ find default-name=ether24 ] comment="WAN LTE"
set [ find default-name=sfp-sfpplus1 ] comment="Zum Keller"
set [ find default-name=sfp-sfpplus2 ] comment="Deep-Thought 10G"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp"
add name=prometheus policy="read,winbox,api,!local,!telnet,!ssh,!ftp,!reboot,!wr\
    ite,!policy,!test,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22 pvid=31
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge comment="IPv6 only" tagged=sfp-sfpplus1,ether5 vlan-ids=66
add bridge=bridge comment="WAN Freifunk" tagged=\
    sfp-sfpplus1,ether23,ether24,sfp-sfpplus2,ether13,ether10 vlan-ids=12
add bridge=bridge comment="Freifunk Hotspot" tagged=sfp-sfpplus1,ether5 \
    untagged=ether22 vlan-ids=31
add bridge=bridge comment=VoIP tagged=sfp-sfpplus1,ether23,ether24 vlan-ids=21
add bridge=bridge comment="WAN FTTH1" tagged=sfp-sfpplus1,ether17 vlan-ids=4001
add bridge=bridge comment="WAN FTTH2" tagged=sfp-sfpplus1,ether17 vlan-ids=4002
add bridge=bridge comment="WWW \FCber bridge-pi" tagged=sfp-sfpplus1,ether17 \
    vlan-ids=4050
add bridge=bridge comment="Freifunk Hotspot (Balkon)" tagged=\
    sfp-sfpplus1,ether5 vlan-ids=32
add bridge=bridge comment="IPv6 Pool 2" tagged=sfp-sfpplus1,ether5 vlan-ids=67
add bridge=bridge comment="WAN LTE" tagged=sfp-sfpplus1,ether24 vlan-ids=4010
add bridge=bridge comment=IceCC tagged=ether5,sfp-sfpplus1 vlan-ids=530
/ip address
add address=192.168.90.7/24 interface=bridge network=192.168.90.0
/ip dns
set servers=192.168.90.1
/ip firewall filter
add action=accept chain=output
add action=accept chain=input
/ip route
add distance=1 gateway=192.168.90.1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=SW_WohnungOben
/system ntp client
set enabled=yes primary-ntp=62.108.36.235 secondary-ntp=46.165.221.137
/system package update
set channel=testing
/system routerboard settings
set boot-os=router-os
/system swos
set address-acquisition-mode=static allow-from-ports="p1,p2,p3,p4,p5,p6,p7,p8,p9\
    ,p10,p11,p12,p13,p14,p15,p16,p17,p18,p19,p20,p21,p22,p23,p24,p25,p26,p27,p28\
    " identity=SW_WohnungOben static-ip-address=192.168.90.7
(exported from v6.47.8)
Tested it now with the final 6.48. Problem still persists. Sniffed with wireshark now: The only packets I'm getting are the MNDP from my router.
Can somebody tell me if it's a bug or not? Or is it just working 'by accident' with old versions and I have misconfigured something?! Doesn't seem like that actually.

/edit: It begins to work again if I disable IGMP snooping. So something is wrong with IGMP/MLD snooping I guess??

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 8:42 pm
by tomislav91
Does this affect some Stellaris microcontrollers, because i am having some issue with communication? Maybe some have information?

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 10:43 pm
by evince
*) branding - fixed LCD logo loading from new style branding package;
How can we add a LCD logo? It would be great to add a custom image with our company logo and the Router-Name.
Go to your Mikrotik account,
At the bottom you see other.
Click on branding maker.
Here you can add your logo.
Then you have to load a package into the router.
If this adjustment is loaded in the router.
You can delete it by netinstall. A reset procedure does not delete them.
I wish you a happy holidays and keep it safe.
Thank you, it helped me :-)

By the way, is there any solution to fix it as default screen? The goal is to display only a logo.

Thank you in advance :)

Re: v6.48 [stable] is released!

Posted: Tue Dec 29, 2020 11:27 pm
by benoitc
RouterOS version 6.48 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48 (2020-Dec-22 11:20):

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
with this release fans on the CRS312-4C+8XG-RM are running at max :/ any idea how ic an reduce the speed?

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 12:05 am
by acidvenom
RB3011 - ports 6-10 flapping every 5 seconds.
IKEv2 policy problem with "no generate" option. Server drops random connection if there are 2 IKEv2 tunnels from single client IP address.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 4:46 am
by spiritamokk
Please help if you experiencing similar issues as I have no idea where to even start troubleshooting.
Have a look above, IPSec issues have been discussed before.
Downgraded from "Stable" 6.48 to Long-Term 6.46.8 and IPSec IKEv1 issues disappeared. I guess I was just lucky not getting problems for 3 years, so no more "Stable" releases for me. Will stick to less "feature rich" upgrades =)

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 8:45 am
by fsu4life07
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
I can confirm that I am having this exact same problem on the RB3011, downgraded to 6.47.8 and the problem was resolved.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 8:57 am
by fsu4life07
Our 3011 is old but maybe not as old as yours it was shipping with firmware 3.41
Mine is indeed older, factory firmware is 3.27.

Ondrej
Mine is also factory firmware 3.27, and I have the port flapping issue

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 12:29 pm
by Heavy
i've received a reply from the support, they solve the 3011 port flapping on the next 6.48.xx

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 12:56 pm
by Jotne
DoH does definitely have a memory problem. After turning it off for one day, this is how my memory logs looks like on my hEX.
Support case created. SUP-37699
.
memory2.jpg

LLDP on RB941-2nD

Posted: Wed Dec 30, 2020 1:46 pm
by OndrejHolas
Also noticed that after upgrade to 6.48 the hAP lite (RB941-2nD - smips) stopped transmitting LLDP frames (neither periodic nor after receiving MED probe from phone), although it still processes received LLDP frames (discovered phones are visible in /ip nei pr); all three discovery protocols are enabled, MNDP and CDP frames are transmitted, but not LLDP.

6.47.8 with the same configuration transmits periodic LLDP frames as expected.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 3:07 pm
by CTSsean
I think the moral to this story is to avoid majors (6.48) and wait until the first minor (6.48.1)
Moral of this story:

1. MKT was forced by sales department to release "new" (7b/6b) versions before christmas without testing
2. Never trust blindly and install anything on holiday season
only a narcissist would say this.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 6:39 pm
by Lemahasta
After upgrade from 6.47.8 IPSEC-IKEV2 from windows 10 client -> mikrotik CCR 1009 using eap-radius stopped working.

After downgrade everything works fine again. RADIUS sends access-accept, windows client tries connecting for some time than just times out.
No errors in mikrotik. Just doesn't work.

Downgrade to 6.47.8 fixes issue.

IPSEC-IKEV2 using strongswan client (for android) works fine in both versions (6.47.8 and 6.48).
Error I'm getting on mikrotik is:
invalid MSK length

I suppose that's caused by the patch note:
*) ike2 - fixed EAP MSK length validation;

I don't know, doesn't seem fixed if standard windows 10 client is now invalid, but worked before.
Changing on windows client EAP from EAP-PEAP to EAP-MSCHAP2 fixes ("=>EAP MSK (size 0x20))" is in debug. But this setting is not preferred.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 9:40 pm
by tesme33
Hi
just want to add some information to the Multicast related discussions.
Upgraded my CRS326 to 6.48 and MDB was not filling. Enabling Multicast snooping (which was disabled) --> MDB was filling.
But still no Multicast traffic going through. How do i know ?
Easy answer my SatIP setup is no longer working. The clients no longer see the SatIP server.

[admin@CRS326] /system routerboard> print
                ;;; Firmware upgraded successfully, please reboot for changes
                    to take effect!
       routerboard: yes
             model: CRS326-24G-2S+
     serial-number: 94550966B962
     firmware-type: dx3230L
  factory-firmware: 6.42.7
  current-firmware: 6.47.8
  upgrade-firmware: 6.48

[admin@CRS326] /interface bridge> print
Flags: X - disabled, R - running
 0 R name="bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled
     arp-timeout=auto mac-address=B8:69:F4:8D:F3:76 protocol-mode=none
     fast-forward=yes igmp-snooping=yes multicast-router=temporary-query
     multicast-querier=no startup-query-count=2 last-member-query-count=2
     last-member-interval=1s membership-interval=4m20s querier-interval=4m15s
     query-interval=2m5s query-response-interval=10s
     startup-query-interval=31s250ms igmp-version=2 mld-version=1 auto-mac=no
     admin-mac=B8:69:F4:8D:F3:76 ageing-time=5m vlan-filtering=no
     dhcp-snooping=no


[admin@CRS326] /interface bridge mdb> print
GROUP                                                VID PORTS      BRIDGE
239.255.255.250                                          sfp-sfp... bridge
                                                         ether23...
                                                         sfp-sfp...
                                                         ether3
                                                         ether1 ...
                                                         ether9 ...
                                                         ether12...
                                                         ether19...
ff02::fb                                                 ether1 ... bridge
                                                         ether12...

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 10:12 pm
by techdude
Applied the 6.48 on my CRS354 in my fully functional environment. After i could not access the device and it created loops so the entire network went down until i turned the CRS354 off. I'm running MSTP that was working 100% in 6.47.8. After downgrade back to 6.47.8 everything works. I run two bonding interfaces with 802.3ad that works in 6.47.8, i suspect the loops could be related to those but i haven't had time to do more testing as it cost me a few hours just to fix this downgrade and troubleshoot. I will wait until a more stable release before i try again, i might configure the device from scratch next time to see whats causing issues.

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 11:01 pm
by MikeRoTik
m33g - added support for "/system gpio" menu (CLI only);



Could we please, please, please have the documentation for the RBM33G Header and instructions on how to trigger the gpio pins as inputs? (Pull up, pull down, resistor?, etc...)

Did I say PLEASE?

Re: v6.48 [stable] is released!

Posted: Wed Dec 30, 2020 11:41 pm
by tesme33
After reboot and new firmware it is working.
Lets see if it stops after some time. As mentioned in a post before.


[admin@CRS326] /system routerboard> print
       routerboard: yes
             model: CRS326-24G-2S+
     serial-number: 94550966B962
     firmware-type: dx3230L
  factory-firmware: 6.42.7
  current-firmware: 6.48
  upgrade-firmware: 6.48
Hi
just want to add some information to the Multicast related discussions.
Upgraded my CRS326 to 6.48 and MDB was not filling. Enabling Multicast snooping (which was disabled) --> MDB was filling.
But still no Mulricast traffic going through. How do i know ?
Easy answer my SatIP setup is no longer working. The clients no longer see the SatIP server.

[admin@CRS326] /system routerboard> print
                ;;; Firmware upgraded successfully, please reboot for changes
                    to take effect!
       routerboard: yes
             model: CRS326-24G-2S+
     serial-number: 94550966B962
     firmware-type: dx3230L
  factory-firmware: 6.42.7
  current-firmware: 6.47.8
  upgrade-firmware: 6.48

...
                                                         ether12...
                                                         ether19...
ff02::fb                                                 ether1 ... bridge
                                                         ether12...

Re: v6.48 [stable] is released!

Posted: Thu Dec 31, 2020 8:10 am
by Jotne
Found change in logging that was not mention in the DHCP logs.

&MT Please also list these type of changes as well, since my Splunk for Mikrotik did stop showing DHCP logs due to this.
Its positive that you finally have stated to clean up the logs mess :) viewtopic.php?t=124291

Old format
dhcp,debug,packet MikroTik: DHCP-Main received request with id 2264044792 from 192.168.10.230
New format
dhcp,debug MikroTik: DHCP-Main received request id 212743147 from 192.168.10.230 '1:c4:ad:34:c3:37:xx'
packet is removed and mac added to this log line
MikroTik: is a prefix I have added.

What other logs has changed?

Re: v6.48 [stable] is released!

Posted: Thu Dec 31, 2020 2:32 pm
by herger
I noticed that when using a CRS317 as Port Controller and a CRS309 as Port Extender, once the link between the two devices fails the Port Controller completely stops forwarding and is not accessible anymore. It stays in the locked up state until the link to the Port Extender is restored. This behavior makes it some what risky to use this new feature but i hope this will be fixed in future versions.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 10:25 am
by TheSirStumfy
Really hope they fix the RB3011 finally.

Mine has been flapping for years, I have 2 years of logs to prove it. Some updates ware better some worse, but none fixed it truly.

set X cpu-flow-control=no name="Switch x" does help a bit, but never really went away, just went from many flaps a day to some flaps per week.

Im honestly half way to asking for a refund, since the product just does not work in the current state. It has caused corrupted backups in the past when the flap landed on the backup schedule.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 11:05 am
by Kindis
Really hope they fix the RB3011 finally.

Mine has been flapping for years, I have 2 years of logs to prove it. Some updates ware better some worse, but none fixed it truly.

set X cpu-flow-control=no name="Switch x" does help a bit, but never really went away, just went from many flaps a day to some flaps per week.

Im honestly half way to asking for a refund, since the product just does not work in the current state. It has caused corrupted backups in the past when the flap landed on the backup schedule.
I have two 3011 and I have none of these issue. Are your sure it is not the connected devices or cable?

I use to have a flapping issue on my RB750gr3 but after I disabled EEE on the port in the Zyxel switch this issue went away.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 11:28 am
by notToNew
I have two 3011 and I have none of these issue. Are your sure it is not the connected devices or cable?

I use to have a flapping issue on my RB750gr3 but after I disabled EEE on the port in the Zyxel switch this issue went away.
same here. IT was not mikrotik. at anotzer location I had serious electrical Problems. I needed to use a special cat2 safety poweradapter to get rid of the Port disconnects.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 12:06 pm
by TheSirStumfy
Hm.. the only thing honestly that could be a problem is a SFP module. Ok thanks for the idea guys, Ill play around with switching if for a different one, perhaps it could be causing problems.. Did not try that, because it works fine.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 12:09 pm
by zervan
Did this update break anyone else's pwr line setup? I have a pwr line pro and at the other end of pwr line AP and the link between them is now incredibly unstable. I had to downgrade to 6.47.8 to restore connectivity.
Yes, there is a bug at least in PWR-LINE AP: The problem is that interface "pwr-line" is reported as not running despite the fact that it is sending and receiving frames, see the screenshot from WinBox. If the interface is part of bridge, then it is reported as invalid.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 1:20 pm
by B3nder
Hi, just to add, also having issues with RB3011UiAS and 6.48.

The router never restarted following the installation of 6.48, had to manually power cycle.
Ethernet ports are unstable with them going down repeatedly.

Reverted back to 6.46.8 [Long Term], seems good so far.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 1:29 pm
by Masyanich
ccr 1016-12g
resetted all ppp secrets after upgrade
this build is a pure disaster

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 2:07 pm
by erlinden
I absolute love the wireless improvement I'm experiencing. More stability and higher speeds.

Unfortunately I noticed periodic "link down", strangely enough only between my RB4011 and my CRS112-8P-4S. This is not occurring between the RB4011 and a cAP ac and not between CRS112-8P-4S and the cAP ac and wAP ac. Have not excluded possible cable problems, but on the other hand, I never noticed it on the LTS I was running previously.

Re: v6.48 [stable] is released!

Posted: Fri Jan 01, 2021 11:49 pm
by nichky
*) ppp - store "last-caller-id" for PPP secrets;

how that one works?

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 10:21 am
by randomwalk
DNS regression after 6.48 update
RB450Gx4
edited --> 6.46.8 (FW 6.46.8) LTS --> 6.47.8 (FW 6.47.8) Stable --> 6.48 (FW 6.47.8) Stable --> 6.46.8 (FW 6.46.8) <--- edited

1. CPU utilization during reboot spiked higher, and stayed high for much longer.
2. RouterOS took 15 min to parse ~83,000 static DNS records at reboot compared to <1 min before.
3. Idle CPU utilization after update increased from 0% to 2%
4. DNS service was unavailable for 15 minutes after reboot.
5. Router downtime ~15 min upon reboot is not acceptable. Compare it to <1 min before.

My configuration includes ~83,000 static DNS records, so I had to downgrade to 6.46.8 LTS.
After downgrade, the CPU utilization went back to normal, with less than 1 minute downtime again.

See some screenshots:
Image
https://pasteboard.co/JHKgyOC.png

Image
https://pasteboard.co/JHKlz5U.png

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 10:33 am
by randomwalk
we are waiting for 6.48.5 .. stable release is beta channel
Agree, The "stable" channel should be called Beta.

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 10:44 am
by DarkNate
we are waiting for 6.48.5 .. stable release is beta channel
Agree, The "stable" channel should be called Beta.
Although v6.48 is perfectly stable for my RB450Gx4. I agree with you and the other members here.

Eventually, I will be forced to move to a different vendor with a more reliable "stable" channel for patches/updates.

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 12:30 pm
by complex1
we are waiting for 6.48.5 .. stable release is beta channel
Agree, The "stable" channel should be called Beta.
Although v6.48 is perfectly stable for my RB450Gx4. I agree with you and the other members here.

Eventually, I will be forced to move to a different vendor with a more reliable "stable" channel for patches/updates.
... or use the Long-term version if you want a more stable version. ;-)

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 12:42 pm
by acidvenom
we are waiting for 6.48.5 .. stable release is beta channel
Agree, The "stable" channel should be called Beta.
Although v6.48 is perfectly stable for my RB450Gx4. I agree with you and the other members here.

Eventually, I will be forced to move to a different vendor with a more reliable "stable" channel for patches/updates.
OK then find equal vendor with handy console, cheap devices with support and a lot of features.

Re: v6.48 [stable] is released!

Posted: Sat Jan 02, 2021 9:46 pm
by Jotne
6.46.8 LTS --> 6.48 Stable --> 6.46.8 LTS
Did you also upgrade the firmware.

Re: v6.48 [stable] is released!

Posted: Sun Jan 03, 2021 1:22 am
by randomwalk
6.46.8 LTS --> 6.48 Stable --> 6.46.8 LTS
Did you also upgrade the firmware.
No i did not upgrade the firmware. The firmware was v6.47.8 (i forgot that I switched to Stable channel ~4 weeks ago.)
Here is my exact (more accurate) update path:
6.46.8 (FW 6.46.8) LTS --> 6.47.8 (FW 6.47.8) Stable --> 6.48 (FW 6.47.8) Stable --> 6.46.8 (FW 6.46.8)
So in the end i rolled back both the firmware and routeros to LTS.

P.S. To mikrotik developers: here is another snapshot some 16 hrs later.
It appears that 6.48 memory usage is better than 6.47.8, but neither can match 6.46.8 which is better in both: CPU and RAM usage
Image
https://pasteboard.co/JHQqX4v.png

Re: v6.48 [stable] is released!

Posted: Sun Jan 03, 2021 8:53 am
by garrettgee2001
Applied the 6.48 on my CRS354 in my fully functional environment. After i could not access the device and it created loops so the entire network went down until i turned the CRS354 off. I'm running MSTP that was working 100% in 6.47.8. After downgrade back to 6.47.8 everything works. I run two bonding interfaces with 802.3ad that works in 6.47.8, i suspect the loops could be related to those but i haven't had time to do more testing as it cost me a few hours just to fix this downgrade and troubleshoot. I will wait until a more stable release before i try again, i might configure the device from scratch next time to see whats causing issues.
I can also confirm the brick/freezing issue with a CRS326-24P-4S+ and an LACP bond. If you don't have anything plugged in to the any of the bonded interfaces when the CRS boots, no issues, but the moment anything is plugged into any port that is part of a bond (I have tried other switches, wireless access points, a raspberry pi), the switch freezes and becomes inaccessible in any way (telnet, serial, ip, etc).

Re: v6.48 [stable] is released!

Posted: Sun Jan 03, 2021 9:32 am
by Jotne
Image
Do not post link to image. Upload them to the forum use the Attachments button below the post window. It will then stay in the forum.

Re: v6.48 [stable] is released!

Posted: Sun Jan 03, 2021 5:10 pm
by zeek01
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)
My RB3011 has flapping ports on both switch groups (1-5) and (6-10), going to roll back now... if I can work out how!!

IF YOU HAVE AN RB3011 DON'T USE THIS FIRMWRE would be my advice.

Steve

Re: v6.48 [stable] is released!

Posted: Mon Jan 04, 2021 8:49 am
by elbob2002
After upgrading on RB3011 ports in switch group 1 (ether1-5) started flapping every 5 minutes. Rolled back on 6.47.8 and all seems ok. So 3011 users, install with care! ;)

My RB3011 has flapping ports on both switch groups (1-5) and (6-10), going to roll back now... if I can work out how!!

IF YOU HAVE AN RB3011 DON'T USE THIS FIRMWRE would be my advice.

Steve
Copy the correct .npk to your RB3011 using Winbox to Files folder.

https://download.mikrotik.com/routeros/ ... 6.47.8.npk

From the terminal in winbox type
/system package downgrade

Re: v6.48 [stable] is released!

Posted: Mon Jan 04, 2021 10:28 am
by jakubk2
i can confirm massive connectivity issues with Gigaset phones after upgrading to 6.48

rb962UiGS and Gigaset C430 IP
rb951G-2HnD and Gigaset A690 IP (same issues with A580 IP)

i had to downgrade both routers to 6.46.8. After downgrade everything is working fine again.

Re: v6.48 [stable] is released!

Posted: Mon Jan 04, 2021 1:24 pm
by WildRat
The hAP ac v6.48 router rebooted today due to an existing memory leak issue:
Image
This problem has been present in several recent stable releases:
Image
This is most likely due to DoH function, because my secondary router wAP ac don't have same problem.

Re: v6.48 [stable] is released!

Posted: Mon Jan 04, 2021 2:14 pm
by Jotne
This is most likely due to DoH function, because my secondary router wAP ac don't have same problem.
If you did read this thread, you will see that I posted the same here:
viewtopic.php?p=837044#p837044

MT will try to fix it for the next release.

Re: v6.48 [stable] is released!

Posted: Tue Jan 05, 2021 2:44 am
by randomwalk
Image
Do not post link to image. Upload them to the forum use the Attachments button below the post window. It will then stay in the forum.
I tried, but don't have the privilege according to forum faq. Thanks anyway.

Re: v6.48 [stable] is released!

Posted: Tue Jan 05, 2021 7:46 pm
by aries
Hello,
After upgrading to 6.48, dhcp snooping is not working (blocking dhcp requests) on CRS326-24G-2S+ and CRS305-1G-4S+

Best regards.

Re: v6.48 [stable] is released!

Posted: Wed Jan 06, 2021 1:07 am
by Mountaineer
Upgrading an RB2011UiAS to 6.48 via WebFig caused a loss of connectivity on reboot. It may be a one-off case, but I could only gain access by netinstalling a downgrade. I'm sticking to Long Term for future upgrades to any critical equipment, and then only when CVEs are part of the long-term changelog. Why hasn't this release been removed from the downloads page?

Re: v6.48 [stable] is released!

Posted: Wed Jan 06, 2021 4:47 am
by julianho
The hex-s often no tx traffic in ethernet port when used for a while, and rx looks good.
At the same time ARP tables abnormal and network interruption, everything recovered when i restarted.
I have more than 50 Hex-s, 5 or more have experienced such problems.
This problem never happened to rb4011 and CCR.
So "routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);" means that problem was fixed ?

Re: v6.48 [stable] is released!

Posted: Wed Jan 06, 2021 5:45 am
by avggeek
On RB750gr3, Winbox 3.27 does not show any health information in v6.48. However "/system health print" works fine:

Image

Re: v6.48 [stable] is released!

Posted: Wed Jan 06, 2021 10:20 am
by zandhaas
On RB750gr3, Winbox 3.27 does not show any health information in v6.48. However "/system health print" works fine:
I have upgraded my RB750GR3 from 6.47.8 to 6.48 and Winbox 3.27 does show system health information.
2021-01-06 09_11_33-Keeper Desktop Applet.png

Re: v6.48 [stable] is released!

Posted: Wed Jan 06, 2021 12:07 pm
by mafiosa
fix port flapping please for 3011 ASAP

Re: v6.48 [stable] is released!

Posted: Thu Jan 07, 2021 12:19 am
by netraider
fix port flapping please for 3011 ASAP
And SIP forwarding too

Re: v6.48 [stable] is released!

Posted: Thu Jan 07, 2021 8:38 am
by imadloo
Hello

Problem after RB493G update. Mikrotik won't let traffic through and keeps crashing after several hours. Duplicate tested.

Other models such as: RB750Gr3, RB960PGS, RB2011iLS, RB750GL all ok.

Re: v6.48 [stable] is released!

Posted: Thu Jan 07, 2021 10:12 am
by avggeek

I have upgraded my RB750GR3 from 6.47.8 to 6.48 and Winbox 3.27 does show system health information.

2021-01-06 09_11_33-Keeper Desktop Applet.png
Did you upgrade firmware under "/system routerboard"? I have upgraded mine and I wonder if this is the cause.

Update: It doesn't seem to be an issue with the board firmware. I found that if I downgrade to long-term (6.46.8) the system health option works correctly, even with board firmware at 6.48. Upgrading from there to 6.48 Stable breaks it again. So it's something in the 6.48 packages.

Update #2: Well that's bizzare. I selected the system package and clicked Downgrade. Router rebooted and still shows system package version as 6.48 same as other packages. But now System>Health works in Winbox.

Re: v6.48 [stable] is released!

Posted: Thu Jan 07, 2021 11:10 pm
by zandhaas

Did you upgrade firmware under "/system routerboard"? I have upgraded mine and I wonder if this is the cause.
No this time I seemed to have forgotten to upgrade the routerboard firmware. Normaly I do it right after the RouterOS. So this is different to your environment.

For now I wait with the upgrade of the routerboard firmware :)

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 2:57 am
by mikrotikedoff
@Mountaineer

Hello and welcome as I see you are new. With Mikrotik you have to treat LT as "stable", stable as beta, testing as alpha, and beta as experimental. This has been a long term gripe from the community. Please be advised sometimes they release a bad/bugged LT version as well so even that tree cant be 100% depended on. Many people end up bouncing between stable and LT tree depending on which is performing better at a given time. For instance, all my production equipment at the moment is on 6.47.7 stable. They also never remove broken software versions they just add the new release when it becomes available. You'll definitely want to consider investing in some equipment to lab with to test new releases with before deployment.

Best regards,

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 11:30 am
by OndrejHolas
RB750GL with 6.48, directly connected Gigaset A540 IP (with latest firmware 42.248), no problems observed. Also checked with discovery turned on for all interfaces, including LLDP, and cold restart of the VoIP base (to achieve full init). Neither ping losses nor lagged/unreachable messages in Asterisk log (qualifyfreq=11) were detected. SIP uses TCP transport. Maybe A540 IP is too basic model and is not affected by LLDP changes - packet capture is missing LLDP-MED probes from the phone, so it seems that A540 IP does not support LLDP at all.

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 5:51 pm
by osc86
It seems static DNS records of type FWD are ignored once a DoH server is added.
Is this a design decision or a bug? If this is not going to change, we'll never be able to use it, because we need conditional forwarding.

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 6:04 pm
by eworm
It seems static DNS records of type FWD are ignored once a DoH server is added.
Is this a design decision or a bug? If this is not going to change, we'll never be able to use it, because we need conditional forwarding.
It has been this way since DoH has been introduced in 6.47 - see older release threads for details...
There has not been an answer from Mikrotik. I hope this is considered a bug and will be fix. I causes a lot of trouble for me as well.

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 6:23 pm
by osc86
I hope we'll get an official statement from a Mikrotik representative. As a workaround I'm currently forwarding all DNS requests to an OpenBSD machine running unbound, which handels DoH and CF just fine. Would be great if this could be done on the router itself.

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 6:28 pm
by eworm
Best is to open a support ticket with the complains.
I did not for 6.47 - in hope anything happens with the details in release thread...

Will open a ticket myself soon.

I had thought about an extra Raspberry Pi for DNS... But that would be a share for Mikrotik routers.
Also this is not an option for "mobile" devices, for example my hAP ac² or wAP ac LTE I carry in my bag...

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 7:32 pm
by deliveri
Hi R00tKit,
we are experiencing similar problems, with CCR1016-12S-1S+ , since upgrade to 6.48 .
SIP packets randomly disappear, mainly Siemens Gigaset A510IP A540 IP A690 IP affected.
But RTP (UDP stream) also affected randomly the uploading (going out to internet) packets losts.

Did you made a rollback from Mikrotik Firmware 6.48 to older one? Does is solve the SIP traffic problem?

Sadly I confirm the problem with Several RB3011. The switch chip of ports 1-5 works erratically after the upgrade.
All my PPPoE connections on those ports (usually 1,2) started flapping.
Switching to ports 6-10 worked for me, but this is kind of serious.

Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS. I think I will revert to the older version for now

Re: v6.48 [stable] is released!

Posted: Fri Jan 08, 2021 8:27 pm
by Kindis
Read in this thread about SIP and workaround.. All is written here.

Re: v6.48 [stable] is released!

Posted: Sat Jan 09, 2021 1:50 am
by korekvin
I have been pulling my hair over the Pwr-line units I have recently purchased.
6.48 indeed breaks pwr-line communication completely.
Installing long-term 6.46.8 solved the issue.

Re: v6.48 [stable] is released!

Posted: Sun Jan 10, 2021 11:10 am
by widerin
Sorry i report a problem with PwrLine. After upgrade to 6.48, my two devices (model PL7411-2nD) don't pair.
After reboot, change settings, more and more.. nothing. Downgrade to long term, all change to ok. Untill 6.47.8 everything works fine.
ps: ether1, pwr-line1, wlan (off) all on bridge-local with no protocol (stp, rstp, etc...).
Same here, switching to long-term channel with v6.46.8 solved the issue with my 3 pwr-line devices.

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 11:21 am
by fs89
Hey@ALL

After upgrading to version 6.48, I cannot create a new "bridge" or "ppp" connection.
The URL appears in the browser, but the web interface remains empty.

EXAMPLE:
- http://%IP%/webfig/#PPP.Interface.new.OVPN_Client
- http://%IP%/webfig/#Bridge.Bridge.new

THX for help and feedback

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 12:36 pm
by si458
Hi R00tKit,
we are experiencing similar problems, with CCR1016-12S-1S+ , since upgrade to 6.48 .
SIP packets randomly disappear, mainly Siemens Gigaset A510IP A540 IP A690 IP affected.
But RTP (UDP stream) also affected randomly the uploading (going out to internet) packets losts.

Did you made a rollback from Mikrotik Firmware 6.48 to older one? Does is solve the SIP traffic problem?

Sadly I confirm the problem with Several RB3011. The switch chip of ports 1-5 works erratically after the upgrade.
All my PPPoE connections on those ports (usually 1,2) started flapping.
Switching to ports 6-10 worked for me, but this is kind of serious.

Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS. I think I will revert to the older version for now
i can confirm if you roll back a software update/firmware update to 6.47.8 it does indeed fix the SIP issue with gigaset handsets
if you pinged the devices the pings would drop out randomly at the same time the sip would drop out,
i had spend a full week onsite at a single site trying to fix this issue (even arranged to purchase new handsets cuz i thought they had broken the phones)
then realizing i had done updates a week prior and after checking the comments here others having the same issue i was, i rolled it back and worked straight away!
i havent tried the DISABLE LLDP that others have suggested using the 6.48 update, but i'm hanging fire upgrading again for now until a new update next month

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 1:34 pm
by R00tKit

Did you made a rollback from Mikrotik Firmware 6.48 to older one? Does is solve the SIP traffic problem?
Hello. Yes, Going back to the previous version fixed all problems. All we can do for now is rollback and wait for the next version.

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 1:46 pm
by nostromog
I have been pulling my hair over the Pwr-line units I have recently purchased.
6.48 indeed breaks pwr-line communication completely.
Installing long-term 6.46.8 solved the issue.

Not for my pwrline power sources for mAP Lite. Those were fully broken for a number of releases, and 6.48 seem to have changed the behaviour in a positive sense, but breaking connectivity. I'm waiting for a fix in 6.48, my devices have been broken for several months, and they don't work when downgrading and no response from my support ticket.

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 2:58 pm
by DmitryT
two 2011 down, port remapped and updown loop
two 3011 down, port remapped, freezes
HEX works but freezes

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 2:59 pm
by WiesiDeluxe
Sorry i report a problem with PwrLine. After upgrade to 6.48, my two devices (model PL7411-2nD) don't pair.
After reboot, change settings, more and more.. nothing. Downgrade to long term, all change to ok. Untill 6.47.8 everything works fine.
ps: ether1, pwr-line1, wlan (off) all on bridge-local with no protocol (stp, rstp, etc...).
Same here, switching to long-term channel with v6.46.8 solved the issue with my 3 pwr-line devices.
+1 same here, worked again after downgrade to long term

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 6:12 pm
by Kiasw
rb3011 down, freezes vpn clients.

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 6:16 pm
by Kiasw
Rolling back the firmware to stable 6.46.8 solved the problem. Owners of RB3011 are very careful to upgrade to this version.

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 6:23 pm
by Kiasw
On RB951Ui-2nd, RB941-2nd-OK

Re: v6.48 [stable] is released!

Posted: Mon Jan 11, 2021 7:37 pm
by Mainale
I see I`m not alone with my issues.

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 12:58 pm
by Ivoshiee
The 60GHz link has still issues with traffic stoppage/link down. I just experienced one to see that the link was still up, but the IP-traffic was sopped. I got the supout.rif file and performed disable/enable on the 60Ghz interface. IP-traffic resumed.

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 4:09 pm
by hajde
PL7411-2nD after upgrade, dosnt connect over PCL. 5 devices same situation. Downgrade to 6.47.8 solve problem.

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 4:14 pm
by kaspi4
My 3011 started port flapping on sw6-10 since 6.48 is there any ideas?

/interface ethernet switch set switch2 cpu-flow-control=no Does not help

Image


I have sstp_server_binding (saw someone with same issues on gre tunnel)

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 4:25 pm
by hajde
Run on 6.47.8.

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 4:32 pm
by kaspi4
Run on 6.47.8.

Will try, thanks!

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 6:12 pm
by rb9999
Maybe just a stupid question... Due to all the issues in 6.48 wouldn't be better for Mikrotik to recall the release? Remove the link from download site and prevent upgrading to it in /system upgrade.
On another note.. any ETA on a release that will fix the major issues, like port flapping, 60ghz issue, memory leak in doh?

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 8:44 pm
by zelthian
with this release fans on the CRS312-4C+8XG-RM are running at max :/ any idea how ic an reduce the speed?
I also ran into this issue. I downgraded back to 6.47.8 and the fan behavior returned to "normal".

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 9:42 pm
by Cray
Issues I encountered with various MikroTik models after upgrading to 6.48 [stable]:

  • All devices: webfig always forwards after login to the new "Port Mapping" quickset page. Does not prevent config/usage, but very annoying.
  • All devices: IPSec connectivity issues (Phase 1, Phase 2, PFS - varies)
  • RB3011: ethernet port flapping (5 sec cycle)
  • CRS317: stuck at reboot, some internal services failing to start (constant errors logged), (simple .npk package downgrade does not work because all soft reboots fail!) (5 out of 8 upgraded devices failed like this!)
  • CHR: L2TP/IPSec VPN user authentications fail
  • RB4011: Some wireless clients unable to connect (short connection logged; followed by immediate disconnect)
  • + many more minor stability and random error logging issues

All of these can be resolved by downgrading back to 6.47.8; which I did for the devices under my watch. Out of 50+ devices there were only few which could be considered 100% issue free after 6.48 upgrade.

I'd say 6.48 release has to be recalled. Especially in case of CRS switches, 6.48 can brick devices so that they require manual intervention (factory reset + fw downgrade) and can not be recovered remotely.

Historically RouterOS releases have been rock-solid, but this one seems to be a complete quality assurance disaster to put it mildly.

Re: v6.48 [stable] is released!

Posted: Tue Jan 12, 2021 11:15 pm
by honzam
Maybe just a stupid question... Due to all the issues in 6.48 wouldn't be better for Mikrotik to recall the release? Remove the link from download site and prevent upgrading to it in /system upgrade.
On another note.. any ETA on a release that will fix the major issues, like port flapping, 60ghz issue, memory leak in doh?
A warning in the header would be enough.
Known issues is 6.48: port flapping on rb3011.

Is it so hard to inform users? Just one line ....

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:03 pm
by pe1chl
With this release on a hAP mini and using a HP Chromebook as a client on the WiFi, I experience regular "stuttering" of the traffic.
It is not apparent when using TCP connections and services that use a lot of buffering (e.g. Youtube), but when using a UDP stream or a TCP connection with little buffering there are regular cut-outs of up to a second in the connection.
That makes it unusable for e.g. VoIP or some of the meeting software in use in the world today.
While I have seen this happen before on certain combinations of releases and devices, this combination worked fine on 6.47 and is now severely affected on 6.48.
The signal is strong, the devices are only about a meter apart. But the connection appears to stall.
(I used a website that allows to test for packet loss and jitter, and it clearly shows the issue)

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:26 pm
by rkadmins
any ideas why upgrade causes full of errors regarding IKE2 rekey?
50+ devices upgraded, with correct setup of PFS groups on both sides, and every 30 minutes - rekey failed, OSPF goes down

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:29 pm
by erlinden
any ideas why upgrade causes full of errors regarding IKE2 rekey?
search.php?keywords=rekey&t=171035&sf=msgonly

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:37 pm
by rkadmins
any ideas why upgrade causes full of errors regarding IKE2 rekey?
search.php?keywords=rekey&t=171035&sf=msgonly
reviewed all this, found some problems, where people was wrong setup and using default proposals, and still no answer - in my case PFS group and proposals are setuped correctly, on both sides.
If on both sides in proposals PFS group is 2048 and lifetime 30, is it a mistake?

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:49 pm
by eworm
reviewed all this, found some problems, where people was wrong setup and using default proposals, and still no answer - in my case PFS group and proposals are setuped correctly, on both sides.
If on both sides in proposals PFS group is 2048 and lifetime 30, is it a mistake?
Search this thread for pfs-group=, you will find some answers.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:51 pm
by mikruser
Mountaineer
I'm sticking to Long Term for future upgrades to any critical equipment.
Mikrotik is not intended for use in any critical equipment or enterprise. Repeatedly spoken about this, for example viewtopic.php?f=2&t=165391

Why hasn't this release been removed from the downloads page?
because they don't care about user problems

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:54 pm
by Kazek
After upgrading to 6.48 I have two RB3011 with flapping ethernet ports. After downgrade to 6.47.8 the issue does not happen.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 12:58 pm
by rkadmins
reviewed all this, found some problems, where people was wrong setup and using default proposals, and still no answer - in my case PFS group and proposals are setuped correctly, on both sides.
If on both sides in proposals PFS group is 2048 and lifetime 30, is it a mistake?
Search this thread for pfs-group=, you will find some answers.
searched twice. Can you, please, post something more specific?

I have same group in profile and in proposal.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 1:15 pm
by rkadmins
any more specific ideas, regarding that is more that 50 ipsec on the server?

Client side
# jan/13/2021 13:02:56 by RouterOS 6.48
# software id = 1R3H-GDJM
#
# model = RBM33G
# serial number = A2FD0C7A4D0D
/ip ipsec policy group
add name=ikev2-group
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile
/ip ipsec peer
add address=XXXXXXXXX exchange-mode=ike2 name=datacenter profile=ikev2-profile
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal pfs-group=modp2048
/ip ipsec identity
add auth-method=digital-signature certificate=XXXXXXX generate-policy=port-strict mode-config=request-only peer=datacenter policy-template-group=ikev2-group
/ip ipsec policy
set 0 group=ikev2-group proposal=ikev2-proposal
Server side is the same exactly
/ip ipsec policy group
add name=ikev2-group
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile
/ip ipsec peer
add exchange-mode=ike2 local-address=XXXXXXXX name=ikev2-peer passive=yes profile=ikev2-profile
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal pfs-group=modp2048
/ip ipsec identity
add auth-method=digital-signature certificate=XXXXXX generate-policy=port-strict match-by=certificate mode-config=XXXXXX peer=ikev2-peer policy-template-group=ikev2-group \
    remote-certificate=XXXXXXX
/ip ipsec policy
add dst-address=0.0.0.0/0 group=ikev2-group proposal=ikev2-proposal src-address=0.0.0.0/0 template=yes

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 1:36 pm
by abajrami
Upgraded my router RouterBOARD 3011UiAS recently to v6.48 and I noticed there is an issue with interfaces.
All interfaces on switch1 Ethernet1-5 went UP and Down occasionally. Downgraded to 6.46.8 and everything is fine again. Here is the log that I saved:
Jan 4 14:11:08 RB-HOME interface,info ether1 link down
Jan 4 14:11:08 RB-HOME interface,info ether2 link down
Jan 4 14:11:08 RB-HOME interface,info ether3 link down
Jan 4 14:11:08 RB-HOME interface,info ether4 link down
Jan 4 14:11:08 RB-HOME interface,info ether5 link down
Jan 4 14:29:30 RB-HOME interface,info ether1 link down
Jan 4 14:29:30 RB-HOME interface,info ether2 link down
Jan 4 14:29:30 RB-HOME interface,info ether3 link down
Jan 4 14:29:30 RB-HOME interface,info ether4 link down
Jan 4 14:29:30 RB-HOME interface,info ether5 link down
Jan 4 14:40:52 RB-HOME interface,info ether1 link down
Jan 4 14:40:52 RB-HOME interface,info ether2 link down
Jan 4 14:40:52 RB-HOME interface,info ether3 link down
Jan 4 14:40:52 RB-HOME interface,info ether4 link down
Jan 4 14:40:52 RB-HOME interface,info ether5 link down
Jan 4 14:54:24 RB-HOME interface,info ether1 link down
Jan 4 14:54:24 RB-HOME interface,info ether2 link down
Jan 4 14:54:24 RB-HOME interface,info ether3 link down
Jan 4 14:54:24 RB-HOME interface,info ether4 link down
Jan 4 14:54:24 RB-HOME interface,info ether5 link down
Jan 4 15:20:17 RB-HOME interface,info ether1 link down
Jan 4 15:20:17 RB-HOME interface,info ether2 link down
Jan 4 15:20:17 RB-HOME interface,info ether3 link down
Jan 4 15:20:17 RB-HOME interface,info ether4 link down
Jan 4 15:20:17 RB-HOME interface,info ether5 link down
Jan 4 15:39:49 RB-HOME interface,info ether1 link down
Jan 4 15:39:49 RB-HOME interface,info ether2 link down
Jan 4 15:39:49 RB-HOME interface,info ether3 link down
Jan 4 15:39:49 RB-HOME interface,info ether4 link down
Jan 4 15:39:49 RB-HOME interface,info ether5 link down
Jan 4 15:42:10 RB-HOME interface,info ether1 link down
Jan 4 15:42:10 RB-HOME interface,info ether2 link down
Jan 4 15:42:10 RB-HOME interface,info ether3 link down
Jan 4 15:42:10 RB-HOME interface,info ether4 link down
Jan 4 15:42:10 RB-HOME interface,info ether5 link down

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 2:24 pm
by hknet
On my CRS326-24G-2S+ after updating I no longer have any interfaces nor will the device reboot cleanly.

This is the output from terminal:
[admin@CRS326] > /interface
[admin@CRS326] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                TYPE       ACTUAL-MTU L2MTU
[admin@CRS326] /interface> /system reboot
Reboot, yes? [y/N]:
y
system will reboot shortly

Rebooting...
failed to stop ipsec: std failure: timeout (13)
failed to stop route: std failure: timeout (13)
Same Issue here, i've removed all lacp bonding interfaces from the bridge, after that, the switch worked fine, so i downgraded to the last 6.47.x

I've also tried a factory reset and reconfiguration with a export backup .... same issue.
hit the same problem with CRS317 - had to field-replace as remote-recovery was not possible.... this is bad and support didn't even seem to know about this issue.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 3:00 pm
by sindy
any more specific ideas, regarding that is more that 50 ipsec on the server?
My understanding of the references to pfs-group in the current topic and in the one @eworm refers to (in a post which itself does not contain the keyword pfs) is the following:
  • pfs is always used in IKEv2
  • if you set the pfs-group parameter of proposal to none, the same DH group and the same key used during Phase 1 to establish the first Phase 2 SA is used also for all subsequent rekeyings of the Phase 2 SA
  • if you set the pfs-group parameter of proposal to anything else than none, the configured one was used for rekeyings at least until 6.48; even if the DH-group set in the proposal was the same like in profile (for Phase 1), the key used has been regenerated and used for all the rekeyings; this is possibly breaking the IKEv2 RFC
Hence setting pfs-group in proposal to none at both peers should resolve your issue yet not prevent use of PFS for rekeying if exchange-mode=ike2 is used

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 3:06 pm
by rkadmins
any more specific ideas, regarding that is more that 50 ipsec on the server?
My understanding of the references to pfs-group in the current topic and in the one @eworm refers to (in a post which itself does not contain the keyword pfs) is the following:
  • pfs is always used in IKEv2
  • if you set the pfs-group parameter of proposal to none, the same DH group and the same key used during Phase 1 to establish the first Phase 2 SA is used also for all subsequent rekeyings of the Phase 2 SA
  • if you set the pfs-group parameter of proposal to anything else than none, the configured one was used for rekeyings at least until 6.48; even if the DH-group set in the proposal was the same like in profile (for Phase 1), the key used has been regenerated and used for all the rekeyings; this is possibly breaking the IKEv2 RFC
Hence setting pfs-group in proposal to none at both peers should resolve your issue yet not prevent use of PFS for rekeying.
So in my case, when pfs-group is defined on both sides equal to 2048, why there are problems with rekey?
I posted my setup already, and readed a lot of cases, still not clear, if from both sides are the same pfs-group in proposal, what is wrong, or what is the purpose to use this group at all.
Always was thinking, that proposals must be exactly the same, from both sides of ipsec, am i wrong??

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 3:12 pm
by sindy
Always was thinking, that proposals must be exactly the same, from both sides of ipsec, am i wrong??
Correct, they must be the same at both sides. However, it seems 6.48 has a problem if you ask it not to use the pfs key from the initial establishment of Phase 2 by specifying a value in pfs-group in proposal (albeit the same one as in dh-group in profile), and that this problem doesn't show up if you set pfs-group to none.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 3:16 pm
by rkadmins
Always was thinking, that proposals must be exactly the same, from both sides of ipsec, am i wrong??
Correct, they must be the same at both sides. However, it seems 6.48 has a problem if you ask it not to use the pfs key from the initial establishment of Phase 2 by specifying a value in pfs-group in proposal (albeit the same one as in dh-group in profile), and that this problem doesn't show up if you set pfs-group to none.
So am i right, that it is not my wrong setup, this is bug of 6.48? Already posted those questions in support, because resetup of more than 50 routers, is a huge work, want to be sure, that changing one side proposal pfs to none will solve this issue.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 6:26 pm
by sindy
Changing it at one peer in a pair only will not solve the issue. It must be changed at both peers. Whether it is a bug introduced or a bug fixed is unclear to me.

Re: v6.48 [stable] is released!

Posted: Wed Jan 13, 2021 9:33 pm
by rkadmins
Changing it at one peer in a pair only will not solve the issue. It must be changed at both peers. Whether it is a bug introduced or a bug fixed is unclear to me.
downgraded server (CHR) to 6.47.8 and no errors. Will wait for the fix of this.

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 3:57 am
by anesthc
Yet another issue with IKEv2 I'm just facing.
EAP-TLS authentication was working previously but now it fails with
ipsec,error invalid MSK length
in Mikrotik logs.

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 12:07 pm
by pe1chl
With this release on a hAP mini and using a HP Chromebook as a client on the WiFi, I experience regular "stuttering" of the traffic.
I have downgraded to 6.47.8 and the issue is resolved.
Some more detail: when this problem occurs, the connection appears "dead" for 1-2 seconds every 10-15 seconds or so. The traffic just stops, and when it resumes some (but not all) packets are still delivered but by then are over a second late, so normally useless.
After the downgrade there of course is still some jitter, as always on WiFi when an occasional re-try is required, but those dead stop intervals disappear. It looks like maybe the re-try algorithm or timing has been changed in 6.48 with this unfortunate effect.

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 1:58 pm
by gutekpl
hEX PoE lost health info in 6.48
hex.PNG

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 2:00 pm
by rkadmins
any more specific ideas, regarding that is more that 50 ipsec on the server?

Client side
# jan/13/2021 13:02:56 by RouterOS 6.48
# software id = 1R3H-GDJM
#
# model = RBM33G
# serial number = A2FD0C7A4D0D
/ip ipsec policy group
add name=ikev2-group
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile
/ip ipsec peer
add address=XXXXXXXXX exchange-mode=ike2 name=datacenter profile=ikev2-profile
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal pfs-group=modp2048
/ip ipsec identity
add auth-method=digital-signature certificate=XXXXXXX generate-policy=port-strict mode-config=request-only peer=datacenter policy-template-group=ikev2-group
/ip ipsec policy
set 0 group=ikev2-group proposal=ikev2-proposal
Server side is the same exactly
/ip ipsec policy group
add name=ikev2-group
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile
/ip ipsec peer
add exchange-mode=ike2 local-address=XXXXXXXX name=ikev2-peer passive=yes profile=ikev2-profile
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal pfs-group=modp2048
/ip ipsec identity
add auth-method=digital-signature certificate=XXXXXX generate-policy=port-strict match-by=certificate mode-config=XXXXXX peer=ikev2-peer policy-template-group=ikev2-group \
    remote-certificate=XXXXXXX
/ip ipsec policy
add dst-address=0.0.0.0/0 group=ikev2-group proposal=ikev2-proposal src-address=0.0.0.0/0 template=yes
Got the response from support - this is a BUG, will be fixed in next version of RouterOS

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 9:52 pm
by Chaosphere64
hEX PoE lost health info in 6.48
hex.PNG
I can confirm that and add the fact that this has to do with firmware 6.48. RouterOS 6.48 with Firmware 6.47.8 on a hEX PoE has health info as it should.

Re: v6.48 [stable] is released!

Posted: Thu Jan 14, 2021 11:05 pm
by leonardogyn
Have tried on different mikrotik boxes, different browsers, and got the same result with all of them: with 6.48, using the web interface, I cannot create new VLANs anymore with Interfaces/VLAN/Add New. Clicking on the "Add New" button changes the URL to "#Interfaces.VLAN.new" and nothing happens. From Interfaces, interface tab, select Add New, choose VLAN on the dropdown menu, the new VLAN screen is presented (with a different URL, now "#Interfaces.Interface.new.VLAN", but always gives "Couldn't add New Interface - unsupported device type (6)" when creating a new one.

With winbox, everything is OK and working as expected. From the web interface, however, I could not create new VLANs at all on 6.48.

Re: v6.48 [stable] is released!

Posted: Fri Jan 15, 2021 11:41 pm
by Chupaka
I can confirm that and add the fact that this has to do with firmware 6.48. RouterOS 6.48 with Firmware 6.47.8 on a hEX PoE has health info as it should.
And it's still available in CLI...

Re: v6.48 [stable] is released!

Posted: Sun Jan 17, 2021 12:09 pm
by zsolna
After upgrade to 6.48 lost the neighbours.

/interface bridge add fast-forward=no name=br_bone protocol-mode=none pvid=999 vlan-filtering=yes
/interface bridge port add bridge=br_bone frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp2-uplink
/interface bridge vlan add bridge=br_bone tagged=sfp2-uplink vlan-ids=999

=> /interface bridge vlan> print
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 br_bone 999 sfp2-uplink br_bone

/interface list add name=admin
/interface list member add interface=br_bone list=admin
/ip neighbor discovery-settings set discover-interface-list=admin

We use 4 same CRS326, with same config, the uplink port is the sfp2. All sfp2 connected to a CRS317 (with same bridge config, like the CRS326 for all SFP).
Before the upgrade, over VLAN 999, the discovery worked without any problem.

Any idea?

I tried
- interface list set to all
- turn on/off LLDP

Re: v6.48 [stable] is released!

Posted: Sun Jan 17, 2021 12:27 pm
by nwa
is downgrade to long term still the only way to fix the fails with all my rb2011 ?
why the firmware is still available? its broken and has to stop the rollout.
i don't remember that mt handle his problems like that in all the years...

Re: v6.48 [stable] is released!

Posted: Sun Jan 17, 2021 12:30 pm
by pe1chl
is downgrade to long term still the only way to fix the fails with all my rb2011 ?
why the firmware is still available? its broken and has to stop the rollout.
i don't remember that mt handle his problems like that in all the years...
It often goes like this when a new test version is promoted to stable.
As an end-user, remember never upgrade to a 6.xx version when it becomes the new stable, wait for the 6.xx.1 or 6.xx.2 version.
And look in the forum to see how well that is being received.

Re: v6.48 [stable] is released!

Posted: Sun Jan 17, 2021 2:18 pm
by acidvenom
is downgrade to long term still the only way to fix the fails with all my rb2011 ?
why the firmware is still available? its broken and has to stop the rollout.
i don't remember that mt handle his problems like that in all the years...
Upload necessary files of v6.47.8 and click "Downgrade" in section "Packages". Check FW after reboot and do not upgrade teel next release.

Re: v6.48 [stable] is released!

Posted: Sun Jan 17, 2021 6:44 pm
by LucZWFM
For me PPP is broken on a RB 2011, RB3011 and a RB941.
Anyone with the same issue?

Re: v6.48 [stable] is released!

Posted: Mon Jan 18, 2021 10:56 am
by jebz
%UserProfile%\AppData\Roaming\Mikrotik\Winbox
lists 6.48rc2 as the folder for ROS 6.48 data files.

Re: v6.48 [stable] is released!

Posted: Tue Jan 19, 2021 10:49 pm
by Ivoshiee
As a general rule then for the MT the select releases are usable and avoid using too large set of "supported" set of functions - one of then shall be broken, granted. Thus I've removed MT from the center of my network and using them only as access devices. Even there are issues, always.

Re: v6.48 [stable] is released!

Posted: Tue Jan 19, 2021 11:40 pm
by WishMaster
Confirmed, v6.48 is not OK with RB3011. It keeps disconnect and connect the active ports. Had do rollback it. Waiting for new "stable" release.

Re: v6.48 [stable] is released!

Posted: Wed Jan 20, 2021 12:58 am
by Chupaka
Thus I've removed MT from the center of my network and using them only as access devices. Even there are issues, always.
As you're in 6.48 discussion topic, looks like you don't use long-term release channel...

Re: v6.48 [stable] is released!

Posted: Wed Jan 20, 2021 10:44 am
by Ivoshiee
Thus I've removed MT from the center of my network and using them only as access devices. Even there are issues, always.
As you're in 6.48 discussion topic, looks like you don't use long-term release channel...
Majority of my boxes are on v6.36.3 and the v6.48 is set for the 60GHz devices, in hope of the radiolink stability, but it is still failing on that.

Re: v6.48 [stable] is released!

Posted: Wed Jan 20, 2021 2:14 pm
by newmark
Where can I find the latest version of the MIKROTIK-MIB including changes in version 6.48?
File from link https://box.mikrotik.com/f/a41daf63d0c14347a088/?dl=1 was updated 15-SEP-2020

Re: v6.48 [stable] is released!

Posted: Wed Jan 20, 2021 7:41 pm
by npeca75
SNMP -> Trap send report an error
/snmp send-trap oid=2.1.1.1 type=integer value=1
log:
error - contact MikroTik support and send a supout file (3)

trap are sent, and correctly received
host: UDP: [169.254.2.2]:59262->[169.254.101.212]:162
ip:   UDP: [169.254.2.2]:59262->[169.254.101.212]:162
.1.3.6.1.2.1.1.3.0 => 25:21:53:43.98
.1.3.6.1.6.3.1.1.4.1.0 => .1.3.6.1.4.1.14988.1.1.9.0.1
.2.1.1.1 => 1
but there is a big RED line in Log
script error: error - contact MikroTik support and send a supout file (3)

Re: v6.48 [stable] is released!

Posted: Fri Jan 22, 2021 3:40 pm
by icsterm
Waiting patienly for the next "beta" release, the DoH memory leak is painful, every few days my hap ac2 needs restart because the 256MB of RAM is not enough, it sometime eats 10MB per hour, this didn't happen when 6.48 was beta (actual release branch).

Re: v6.48 [stable] is released!

Posted: Sat Jan 23, 2021 1:31 pm
by RiccardoM
Hi R00tKit,
we are experiencing similar problems, with CCR1016-12S-1S+ , since upgrade to 6.48 .
SIP packets randomly disappear, mainly Siemens Gigaset A510IP A540 IP A690 IP affected.
But RTP (UDP stream) also affected randomly the uploading (going out to internet) packets losts.

Did you made a rollback from Mikrotik Firmware 6.48 to older one? Does is solve the SIP traffic problem?

Sadly I confirm the problem with Several RB3011. The switch chip of ports 1-5 works erratically after the upgrade.
All my PPPoE connections on those ports (usually 1,2) started flapping.
Switching to ports 6-10 worked for me, but this is kind of serious.

Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS. I think I will revert to the older version for now
i can confirm if you roll back a software update/firmware update to 6.47.8 it does indeed fix the SIP issue with gigaset handsets
if you pinged the devices the pings would drop out randomly at the same time the sip would drop out,
i had spend a full week onsite at a single site trying to fix this issue (even arranged to purchase new handsets cuz i thought they had broken the phones)
then realizing i had done updates a week prior and after checking the comments here others having the same issue i was, i rolled it back and worked straight away!
i havent tried the DISABLE LLDP that others have suggested using the 6.48 update, but i'm hanging fire upgrading again for now until a new update next month
I experienced the same SIP problem with my Siemens handsets A540, went back to 6.47.8 to fix the problems, spent about 4 hours troubleshooting, I have logged a support call with mikrotik,
hopefully others will also log faults to prioritize the fix

Re: v6.48 [stable] is released!

Posted: Sat Jan 23, 2021 3:39 pm
by boldsuck
Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS.
My Gigaset could no longer register with my provider. Disable MNDP solved the problem.
Gigaset C450 IP + RB2011UAS works here with:
/ip neighbor discovery-settings set protocol=cdp
or
/ip neighbor discovery-settings set protocol=cdp,lldp

Re: v6.48 [stable] is released!

Posted: Mon Jan 25, 2021 10:10 am
by Nevon
Updated our CRS328-4C-20S and CRS326-24S+ and we got problem that randomly freezing connectivity in the network. We notised it by SIP stream and other UDP services that disconnected.
Downgraded to 6.47.8 and no problem notised yet..

Re: v6.48 [stable] is released!

Posted: Mon Jan 25, 2021 7:52 pm
by acidvenom
So it's been a month. Any ETA so far?

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 9:26 am
by TosLin
Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS.
My Gigaset could no longer register with my provider. Disable MNDP solved the problem.
Gigaset C450 IP + RB2011UAS works here with:
/ip neighbor discovery-settings set protocol=cdp
or
/ip neighbor discovery-settings set protocol=cdp,lldp
This solution works.

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 9:48 am
by Cray
It is unbelievable that this release has not been pulled already or fixed version released for a full month.

6.48 breaks so many features on so many different MikroTik device models that it must have a dramatic effect on new customers and new devices being installed.

Most of the posts in this forum talk about RB3011 port flapping issues, but nobody seems to notice that 6.48 (nearly-)bricks CRS3xx devices, breaks VPNs, breaks IPSec tunneling, causes issues with wireless connectivity - and list goes on - on wide range of MikroTik models. Only commonality is that all of these issues can be mitigated by downgrading to 6.47.8. I've encountered these issues first-hand on installed customer devices and not only by reading other peoples posts.

For pro users it is not difficult to analyze the issue and downgrade, but I'm worried about new non-pro buyers who upgrade their new devices. Plus in CRS3xx case downgrade requires manual on-site intervention due to 6.48 reboot bug.

Wake up MikroTik! Issue some kind of statement, pull the release or release wide-ranging fix asap!

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 9:50 am
by anuser
Thinkpad T480s with Windows 10 and Intel Dual Band 8265 (2x2 AC): Lower throughput with cAP ac running v6.48 either 2.4 or 5.0GHz => Back to v6.46.8.

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 12:27 pm
by VasyaKot
Edit: After several days I have customers reporting SIP connectivity problems with their Gigaset handsets as well. These have RB2011UiAS.
My Gigaset could no longer register with my provider. Disable MNDP solved the problem.
Gigaset C450 IP + RB2011UAS works here with:
/ip neighbor discovery-settings set protocol=cdp
or
/ip neighbor discovery-settings set protocol=cdp,lldp
Thank you very much! It solved my problem with my RB951 (hap ac and hap ac lite too) and gigaset A540 A510 C610

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 2:19 pm
by shavenne
It is unbelievable that this release has not been pulled already or fixed version released for a full month.
I'm new to Mikrotik and I've changed many devices in my network quite (too) fast. Now I'm quite shocked what's called stable here. I'm even not seeing a warning or similar that this release .. well ... sucks basically. Which 'normal user' looks in this forum before he upgrades to this version?!
Not pulling it back, no real statement, and also not giving any ETA seems all very intransparent. Makes me afraid that I totally made the wrong choice.

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 6:02 pm
by hatred
No one promised that using MikroTik would be easy. Only in struggle network engineer is born.

Re: v6.48 [stable] is released!

Posted: Tue Jan 26, 2021 6:16 pm
by markwien
this realease was not able to perform basic layer 1 features. ARP issues - outage. i had to downgrade to 6.47 now all services are back up.

Mikrotik please test your software!!!

Re: v6.48 [stable] is released!

Posted: Wed Jan 27, 2021 1:55 am
by Cray
I'm new to Mikrotik and I've changed many devices in my network quite (too) fast. Now I'm quite shocked what's called stable here. I'm even not seeing a warning or similar that this release .. well ... sucks basically. Which 'normal user' looks in this forum before he upgrades to this version?!
Not pulling it back, no real statement, and also not giving any ETA seems all very intransparent. Makes me afraid that I totally made the wrong choice.

I do not believe that you made wrong choice with MikroTik - but I admit that the situation with 6.48 quality is highly unusual for them. I've been using MikroTik devices professionally for the past decade and have never seen anything like this.

In my experience stable releases have been issue free and generally safe to upgrade as-is. In the case of 6.48 this assumption was wrong - very much so.

As usual, I upgraded lot of devices remotely to "the latest stable" only to scramble to do remote and on-site downgrades as soon as possible due to wide range of connectivity and stability issues that followed. Angry mob calmed and lessons learned.

However, if you want to see how great MikroTik really is (and it is), use 6.47.8 for now. This new release line does not (yet) represent my personal positive experience with MikroTik.

Re: v6.48 [stable] is released!

Posted: Wed Jan 27, 2021 7:37 am
by acidvenom
I'm using MT's for past 7 years. VPNs, OSPF, IKEv2, NV2, etc. So much in a box for $40? And a human console? MT is my choice.
Something is broken from release to release, upgrade carefully, grab backup to your computer.
If you need anything MORE stable - go to Zyxel with their zyfwp.