Page 1 of 1

v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 10:51 am
by emils
RouterOS version 6.48.1 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48.1 (2021-Feb-03 10:54):

*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 11:42 am
by si458
does this release include the fix for the sip issue with discovery?

viewtopic.php?f=21&t=171035&p=840901&hi ... et#p840552

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 11:43 am
by blazej44800
What about RB3011 port flapping re-introduced in 6.48?

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 11:54 am
by Jotne
Is DoH memory leakage fix?

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 12:10 pm
by EdPa
A fix for SIP related issue is not included in this release, but it is available in the 6.49beta11.

If an upgrade to the testing version is not available, try disabling MNDP in neighbor discovery settings, see command below:
/ip neighbor discovery-settings set protocol=cdp,lldp

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 12:12 pm
by si458
A fix for SIP related issue is not included in this release, but it is available in the 6.49beta11.

If an upgrade to the testing version is not available, try disabling MNDP in neighbor discovery settings, see command below:
/ip neighbor discovery-settings set protocol=cdp,lldp
i just disabled the neighbor completely, as i couldn't understand what use it had other then showing other mikrotik routers/switches
and a few of our cisco spa voip phones

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 12:30 pm
by Kindis
What about RB3011 port flapping re-introduced in 6.48?
It's this one
) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 12:48 pm
by blazej44800
What about RB3011 port flapping re-introduced in 6.48?
It's this one
) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
Ou, I missed that. Thanks!

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 1:25 pm
by msatter
A fix for SIP related issue is not included in this release, but it is available in the 6.49beta11.

If an upgrade to the testing version is not available, try disabling MNDP in neighbor discovery settings, see command below:
/ip neighbor discovery-settings set protocol=cdp,lldp
i just disabled the neighbor completely, as i couldn't understand what use it had other then showing other mikrotik routers/switches
and a few of our cisco spa voip phones
I use it to be enable to connect with Winbox to a router that is not in the same network segment when only MAC initiated traffic is possible.

More info here in the Wiki: https://wiki.mikrotik.com/wiki/Manual:I ... _discovery

Try it with only MNDP disabled to ignore Cisco devices.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 2:11 pm
by nordic
Problem with DoH was not fixed ?! omg

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 2:21 pm
by DarkNate
Problem with DoH was not fixed ?! omg
Use a separate device. I use a Pi, with dnscrypt-proxy running for DoH and Pi-Hole as the DNS Sinkhole. Uptime more than 8 months excluding updates/firmware patches/reboots.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 2:28 pm
by nordic
Problem with DoH was not fixed ?! omg
Use a separate device. I use a Pi, with dnscrypt-proxy running for DoH and Pi-Hole as the DNS Sinkhole. Uptime more than 8 months excluding updates/firmware patches/reboots.
yes i know, this is an solution, i'm able to do that only at my home. But i have also 10 devices where i need it too.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 2:45 pm
by npeca75
could not upgrade from 48 to 48.1

kernel failure in previous boot
rb3011

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 3:18 pm
by Cray
Installed 6.48.1 to test device and first thing I noticed is that this Web UI bug introduced in 6.48 is still present in 6.48.1:

- By default /webfig/ URL (default after fresh login) always forwards to "QuickSet / Port Mapping" configuration options.

This happens even if Quick Set has been disabled and menu entries hidden in the UI.
Bug does not seem to affect functionality but is very annoying.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 3:30 pm
by Kindis
Upgraded the following units from 6.47.8
Two 3011
One RB750Gr3
One cAP AC

No issues and full production has been moved to these units. Will see during the weekend how all looks.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 4:23 pm
by npeca75
could not upgrade from 48 to 48.1

kernel failure in previous boot
rb3011
And, after all, the 48 -> 49b11 -> 48.1 was worked

So i am SICK !!! from stable branch
Please, rename it to Beta

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 4:27 pm
by kalamaja
No issues and full production has been moved to these units. Will see during the weekend how all looks.
Upgrading production systems 3.5 hours after new release at Friday afternoon.. what can go wrong and who would be guilty.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 4:35 pm
by shavenne
Problem also remains in this version.

Edit by moderator:
Please DO stop posting and quoting same set of quotes of quotes.
You have been already warned.
It is users' forum, not Mikrotik's staff one. Send e-mails directly to support.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 7:00 pm
by acidvenom
A bunch of haP ac2, SXT, wAP, etc. updated.
So far so good.
IKEv2 is stable.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 7:02 pm
by shavenne
Problem also remains in this version.

Edit by moderator:
Please DO stop posting and quoting same set of quotes of quotes.
You have been already warned.
It is users' forum, not Mikrotik's stuff one. Send e-mails directly to support.
I'm sorry, but I've no idea which moderator made this edit so I can't ask directly, so: Could you please tell me when and how was I being warned? I think I wasn't informed at all so I was thinking I forgot to post it! So I reposted it! That's it! I've made this set of quotes to not leave any information behind.
Of course you can delete this message here after reading but please message me the way you've warned me so I'll catch it next time ..

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 7:19 pm
by DarkNate
Problem also remains in this version.

Edit by moderator:
Please DO stop posting and quoting same set of quotes of quotes.
You have been already warned.
It is users' forum, not Mikrotik's stuff one. Send e-mails directly to support.
I'm sorry, but I've no idea which moderator made this edit so I can't ask directly, so: Could you please tell me when and how was I being warned? I think I wasn't informed at all so I was thinking I forgot to post it! So I reposted it! That's it! I've made this set of quotes to not leave any information behind.
Of course you can delete this message here after reading but please message me the way you've warned me so I'll catch it next time ..
MikroTik support isn't any better, factually. Proof here: viewtopic.php?f=2&t=171390#p838707

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 05, 2021 9:13 pm
by gsbiz
Again, the DoH memory leak isn't fixed. Sigh.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 12:01 am
by elevendroids
Webfig seems to have some issues - "Add New" buttons do nothing on the following tabs:
  • "Wireless": "WiFi Interfaces", "W60G Station" and "Nstreme Dual"
  • "Interface": "EoIP Tunnel", "IP Tunnel", "GRE Tunnel", "VLAN", "VRRP", "Bonding"
The only thing that changes is the element id in the browser's URL box.

In example, I've opened the VLAN tab in the Interface section:
http://ap-test/webfig/#Interfaces.VLAN

After clicking the "Add New" button, the URL changes to:
http://ap-test/webfig/#Interfaces.VLAN.new

But nothing happens on the page itself.
Web Console in the browser spits out this error (Firefox 85.0):
Uncaught TypeError: map.setDefaultConf is not a function
createPane http://ap-test/webfig/master-min-d4f93cc8bdee.js:1190
updateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1200
generateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1204
openContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1205
onclick http://ap-test/webfig/master-min-d4f93cc8bdee.js:1137
create http://ap-test/webfig/master-min-d4f93cc8bdee.js:1137
open http://ap-test/webfig/master-min-d4f93cc8bdee.js:1125
updateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1200
generateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1204
onload http://ap-test/webfig/:1
master-min-d4f93cc8bdee.js:1190:323
createPane http://ap-test/webfig/master-min-d4f93cc8bdee.js:1190
updateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1200
generateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1204
openContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1205
onclick http://ap-test/webfig/master-min-d4f93cc8bdee.js:1137
(Async: EventHandlerNonNull)
create http://ap-test/webfig/master-min-d4f93cc8bdee.js:1137
open http://ap-test/webfig/master-min-d4f93cc8bdee.js:1125
updateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1200
generateContent http://ap-test/webfig/master-min-d4f93cc8bdee.js:1204
onload http://ap-test/webfig/:1
...and on Chrome 88
Uncaught TypeError: map.setDefaultConf is not a function
at Object.container.map.createPane (master-min-d4f93cc8bdee.js:1190)
at updateContent (master-min-d4f93cc8bdee.js:1200)
at generateContent (master-min-d4f93cc8bdee.js:1204)
at openContent (master-min-d4f93cc8bdee.js:1205)
at HTMLAnchorElement.b.onclick (master-min-d4f93cc8bdee.js:1137)

Curiously, all of the above work fine when selected from the "Add New..." dropdown on the "Interfaces/Interface" tab - in this case "VLAN" opens:
http://ap-test/webfig/#Interfaces.Interface.new.VLAN

Issue seems to be introduced on v6.48 - on v6.47.8 this works fine.
Reproduced on hAP ac and CRS326-24G-2S+

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 12:56 am
by Cray
could not upgrade from 48 to 48.1

kernel failure in previous boot
rb3011
Did you do any reboots with 6.48 before this upgrade?

The reboot failures with various models (RB3011 and CRS9x) is issue related to the first 6.48 release.

I have not yet tested if fresh install of 6.48.1 reboot bricks these devices - and if so - what percentage of them. 6.48 reboot bricked ~50% of the devices I tested.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 2:23 am
by npeca75
could not upgrade from 48 to 48.1

kernel failure in previous boot
rb3011
Did you do any reboots with 6.48 before this upgrade?

The reboot failures with various models (RB3011 and CRS9x) is issue related to the first 6.48 release.

I have not yet tested if fresh install of 6.48.1 reboot bricks these devices - and if so - what percentage of them. 6.48 reboot bricked ~50% of the devices I tested.
Hi @Cray
no, i don't dare to make reboots. It is in production, and that was my mistake to rush on 6.48
i wanted PPP->Remote IPv6 prefix/IPv6 Routes features to finaly replace old scripts and without thinking pushed Upgrade button
what an idiot
From this point, my rock solid 3011 started to flap ports, and instead of rebooting i played with enable/disable to make them back to life
but now, 6.48.1 seem to solve this problem, only strange thing was upgrade path :D
48 -> 49b11 -> 48.1 was worked
could not go straight from 48 to 48.1

so i hope my nightmare is over

i will not push the Upgrade button until next year.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 2:51 am
by dioeyandika
after upgrade winbox system health show temp and voltage but after i upgrade system >>routerboard>>upgrade and reboot the system health blank again like previous version
750.JPG

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 2:53 am
by Ferrograph
Two RB3011 units severely effected by 6.48 and updating to 6.48.1 did not fix, had to roll back to 6.47.8.

One RB3011 became unstable with port flapping but was kind of working long enough to be useful.

Another RB3011 rebooting with the kernel message, port flapping, and ports 6-10 were non operational. Impossible to downgrade - in the end I had to hook up to the console and Netinstall

This is first time i've had such a bad upgrade experience and I updated looking to get a fix for the issue with wireless clients not getting DHCP replies. It seems that MT never tested this release on RB3011, or did not test it properly. This is a very worrying development especially as this branch is supposed to be "stable". Today this cost me the whole day sorting one unit out as it ran the network for a very busy office.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 4:08 am
by icsterm
Why is the DoH leak still not fixed? We asked for a fix a month ago.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 6:01 am
by Kaldek
Installed 6.48.1 to test device and first thing I noticed is that this Web UI bug introduced in 6.48 is still present in 6.48.1:

- By default /webfig/ URL (default after fresh login) always forwards to "QuickSet / Port Mapping" configuration options.

This happens even if Quick Set has been disabled and menu entries hidden in the UI.
Bug does not seem to affect functionality but is very annoying.
I raised a support ticket for this and ended up getting told to do a Netinstall. I closed the ticket.

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 3:39 pm
by anesthc
IKEv2 rekey issue fixed only partially.
I'm still facing it when connect Mikrotik to Mikrotik with EAP (eap-radius with mschapv2 on gateway side) and pfs-group set in proposal. At rekey it says "SA expired during rekey". Certificates works fine, though.


And there's another issue (not related to rekey) comes up since 6.48 as well: EAP-TLS remains broken (invalid MSK length)

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 4:17 pm
by leonardogyn
Adding to the info I posted on the 6.48 thread and posting here again, as there's no fix related to that on 6.48.1 and also 6.49rc. Queue packets are really overflowing on the 32 bit signed integer limit, screenshot was taken with 6.48 on a RB1100AHx2. Not easy to reproduce, for sure, by the amount of packets required. On this RB, it took about 40 days to reach that 2,14 billion packet mark on the queue trees.
.
Captura de tela 2021-02-05 212155.jpg

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 06, 2021 4:21 pm
by eddieb
Upgrading all my devices from 6.47.8 to 6.48.1 went smooth, no problems.

Running 6.48.1 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, PWR-LINE-AP, RB750Gr3 running dude

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 12:24 pm
by pe1chl
no, i don't dare to make reboots. It is in production, and that was my mistake to rush on 6.48
i wanted PPP->Remote IPv6 prefix/IPv6 Routes features to finaly replace old scripts and without thinking pushed Upgrade button
what an idiot
From this point, my rock solid 3011 started to flap ports, and instead of rebooting i played with enable/disable to make them back to life
but now, 6.48.1 seem to solve this problem, only strange thing was upgrade path :D
48 -> 49b11 -> 48.1 was worked
could not go straight from 48 to 48.1
When you have a router like that in production, you should partition it so you can always go back to a stable situation without problem.
Of course enabling partitioning in a device in production is a risk as well, it will require at least one reboot and it may further disturb the device, so it is best done BEFORE you put it in production.
But at least, when you have clicked upgrade and it was a mistake, you can go back (when you have done a partition 0->1 copy before you clicked upgrade).

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 1:25 pm
by profKWL
IP Service List > Available From no longer do it's function.
Since I update to 6.48.1[stable] on my Hex S, all IPs can now connect to Winbox.

Reverted back to 6.46.8[long term] and is working again. No other IPs can connect to Winbox other than listed on "Available From".

Image

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 1:29 pm
by eddieb
you should not use that as only defense,
you should use firewall rules to protect your management interfaces

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 1:39 pm
by saaremaa
CCR1009-8G-1S FW 6.48.1 PPPoE server drops connection with client every minute

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 2:46 pm
by DenisPDA
you should not use that as only defense,
you should use firewall rules to protect your management interfaces
What do you mean shouldn't ???
What is this option for then ???

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 6:32 pm
by Jotne
What is this option for then ???
You should not trust it, alt least not from public internet.
Some time ago thousands of router was hacked trough bug in software using WinBox port!!!!
From internet, you should use VPN.
I VPN is not an option at all, then follow this:

1. Use another port than default. Do NOT use 8291.
2. Use port knocking. This prevents someone from seeing open ports.
3. Use a long and good password.
4. Use access list to prevent any random internet from accessing your router.
5. Log everything. (See my signature for example.)
6. Upgrade firmware to latest stable release
7. ++++

----------------------------------

 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 7:06 pm
by eworm
BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 8:40 pm
by npeca75
When you have a router like that in production, you should partition it so you can always go back to a stable situation without problem.
Of course enabling partitioning in a device in production is a risk as well, it will require at least one reboot and it may further disturb the device, so it is best done BEFORE you put it in production.
But at least, when you have clicked upgrade and it was a mistake, you can go back (when you have done a partition 0->1 copy before you clicked upgrade).
Well, here we go again ...

it is my ? fault to not partition RB in advance ?
or it is MKT fault that release "stable" release with missing features, port flapping, kernel failure etc etc ...

no, it is not !!! my fault

if i install from "beta" branch, then it is my fault
if i install from "stable" branch ...

but, as in past, we never could agreed that MKT is doing wrong things
so, this time will be the same
according to your writing it is user fault to not thinkink in advance: what if MKT release faulty SW? do i have 3 pcs of RB3011 for backup sitting in closet for any case ? it is full moon today ?

no, no, always blame the user

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 9:18 pm
by pe1chl
Well, here we go again ...

it is my ? fault to not partition RB in advance ?
Completely irrelevant! It is your own responsibility to ensure that you can operate your equipment at sufficient availability for your network.
That includes being responsible for backups, rollback possibilities, spare hardware in case it breaks, and also if software is suitable for your purpose.
You cannot shift that responsibility to someone else, and certainly not to a supplier.

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 9:48 pm
by npeca75
[/quote]
Completely irrelevant! It is your own responsibility to ensure that you can operate your equipment at sufficient availability for your network.
That includes being responsible for backups, rollback possibilities, spare hardware in case it breaks, and also if software is suitable for your purpose.
You cannot shift that responsibility to someone else, and certainly not to a supplier.
[/quote]

look @pe1chl
lets try to make things clear

my native language is not English, but i know well what word "stable" mean
but maybe i am wrong, who know
now, would you be so kind to explain what "stable" mean in your world ? port flapping ? kernel faults ?

and, no, i don't want any other answer
straight one, meaning of word stable is ...

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 10:12 pm
by anav
BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)
Very observant worm!! +30 points for House of Invertebrate! ;-)

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 10:13 pm
by anav
Completely irrelevant! It is your own responsibility to ensure that you can operate your equipment at sufficient availability for your network.
That includes being responsible for backups, rollback possibilities, spare hardware in case it breaks, and also if software is suitable for your purpose.
You cannot shift that responsibility to someone else, and certainly not to a supplier.
...
look @pe1chl
lets try to make things clear

my native language is not English, but i know well what word "stable" mean
but maybe i am wrong, who know
now, would you be so kind to explain what "stable" mean in your world ? port flapping ? kernel faults ?

and, no, i don't want any other answer
straight one, meaning of word stable is ...
All the points pelchi made are quite valid for any business setup. For a homeowner, however I have tons of sympathy and can only recommend use the LONGTERM firmware as your best option.

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 08, 2021 10:19 pm
by acidvenom
and, no, i don't want any other answer
straight one, meaning of word stable is ...
Stable is don't be a pussy man! Stop complaining, you'll better send a bug report.

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 12:14 am
by bpwl
"Stable" . What's in a name? Pure convention, even vendor specific. This one might be inspired by Linux distributions.

https://en.wikipedia.org/wiki/Software_ ... le_release

https://wiki.mikrotik.com/wiki/Manual:U ... ase_chains

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 9:42 am
by DarkNate
BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)
They have enabled HTTPS overwrite on their domain, technically it wouldn't matter. But you'd expect a "networking" company to know their shit and the difference between HTTP and HTTPS.

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 9:43 am
by DarkNate
and, no, i don't want any other answer
straight one, meaning of word stable is ...
Stable is don't be a pussy man! Stop complaining, you'll better send a bug report.
Send a bug report? Are you new to MikroTik, users both home and professionals have been reporting various bugs for decades and MikroTik refuses to fix them.

Here's one: viewtopic.php?f=21&t=172321#p842490

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 10:03 am
by eworm
BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)
They have enabled HTTPS overwrite on their domain, technically it wouldn't matter. But you'd expect a "networking" company to know their shit and the difference between HTTP and HTTPS.
That's not quite right, it does matter!
An attacker will make use of the fact that the first request is unencrypted. He/she can redirect you to his/her site, you will never receive the redirect from Mikrotik's http server and thus you will never see the encrypted version of Mikrotik's site.

When ever possible links should contain https instead of just http. Do not trust that the first unencrypted request will redirect you where you expect it.

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 12:31 pm
by DarkNate
BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)
They have enabled HTTPS overwrite on their domain, technically it wouldn't matter. But you'd expect a "networking" company to know their shit and the difference between HTTP and HTTPS.
That's not quite right, it does matter!
An attacker will make use of the fact that the first request is unencrypted. He/she can redirect you to his/her site, you will never receive the redirect from Mikrotik's http server and thus you will never see the encrypted version of Mikrotik's site.

When ever possible links should contain https instead of just http. Do not trust that the first unencrypted request will redirect you where you expect it.
Wouldn't matter if MikroTik configured their domain host/CDN correctly like this:
Image

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 1:46 pm
by eworm
Wouldn't matter if MikroTik configured their domain host/CDN correctly like this:
Image
No. There's nothing Mikrotik can do on their servers. If the attacker is successful no request will ever reach Mikrotik's servers.

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 09, 2021 2:39 pm
by NCalex
I tested the release on a CCR1036-12G-4S with Traffic of aprox 200mbit on 2 SFP ports -> still Port Flapping but not as often as in 6.48. About every 6h now.
Is there hope for an actual fix in the near future ?

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 10:37 am
by RedRoger
RB750Gr3
Does anybody know what it is?

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 10:40 am
by BartoszP
Resize this window.

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 10:45 am
by etm7469
Upgrading RBM33G + R11-LTE6 devices from 6.47.9 to 6.48.1 no problems.
As a reminder, the upgrade from 6.48 to 7.1b4 is becoming a brick from the router. On default settings. Only netinstall helps.

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 10:45 am
by RedRoger
it's better?

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 10:57 am
by Jotne
it's better?
I do see the same on my RB 750G v3
Why do not not see Temperature/Voltage? I do see it on 6.48.0
Have you also upgraded routerboard firmware to 6.48.1 and rebootet?

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 11:39 am
by eddieb
Screenshot 2021-02-10 at 10.37.14.png
on my RB750GR3 running 6.48.1 ...
no problems, there is just noting to configure so settings is empty ...

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 11:53 am
by RedRoger
Yap... No any datas in system/health menu. The same situation as in 6.48.0. And yes, routerboard is upgraded and rebooted

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 10, 2021 6:29 pm
by dpav0
I have an issue with wireless communication between one of my laptop that uses intel 9560 and Mikrotik RB962UiGS-5HacT2HnT.
Before upgrade, on 6.48 I have download 340mbit and upload over 300mbit/s. Just after flash, I have done same test when after few times, I get only 70mbit and it is totally maximum.
On firmware v7 I have similar issue (but there maximum upload was 10mbits! ), that's why I move back to stable and it seems that I will go to long-term soft.
If it helps, what's wrong, here is my export:
[admin@Master] > export
# feb/10/2021 17:27:15 by RouterOS 6.48.1
# software id = GZ2B-V28G
#
# model = RB962UiGS-5HacT2HnT
# serial number = XXXX
/interface bridge
add admin-mac=74:4D:28:CF:8C:AC auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-eeCe country="united states" disabled=no frequency=5540 installation=indoor mode=ap-bridge name=\
    5ghz ssid=Majki wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC country=no_country_set disabled=no frequency=auto frequency-mode=superchannel hide-ssid=yes \
    installation=indoor mode=ap-bridge name=24ghz ssid=Majki2 wireless-protocol=802.11 wps-mode=disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mypassword wpa2-pre-shared-key=\
    mypassword
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=wpa2 supplicant-identity=MikroTik wpa2-pre-shared-key=mypassword
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1h10m name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=24ghz
add bridge=bridge comment=defconf interface=5ghz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.15 client-id=1:f4:92:bf:a0:c6:33 mac-address=F4:92:BF:A0:C6:33 server=defconf
add address=192.168.88.22 client-id=1:48:5f:99:cb:93:a6 comment="Brother DCW-1610W" mac-address=48:5F:99:CB:93:A6 server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,1.1.1.1,9.9.9.9 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=Master
/system routerboard settings
set auto-upgrade=yes
/tool graphing interface
add allow-address=192.168.88.0/24
/tool graphing queue
add allow-address=192.168.88.0/24
/tool graphing resource
add allow-address=192.168.88.0/24
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=24ghz name=Test
add interface=5ghz name=test2

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 13, 2021 12:08 pm
by kehrlein
Upgraded several devices with no issues so far:
CRS326-24G-2S+
CRS112-8P-4S
CCR1009-7G-1C-1S+
hEX S
RB750GL
mAP2nD

Re: v6.48.1 [stable] is released!

Posted: Sun Feb 14, 2021 10:23 am
by 7sergeynazarov7
Good afternoon, I'm using the CCR 1072 simple queues, I have test PCs with the obs streaming program. If you turn off all simple queues, then the bitrate is even, as it should be, if you turn on 2700 simple queues, then the bitrate jumps from 1000 KB to 6000 KB; 6000 KB is the norm. How to make stable with simple queues RoS 6.48beta22

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 15, 2021 1:51 pm
by denisnk
Tried new stable 6.48.1 on my hAP ac2 after long-term 6.46.8.
The same situation with new long-term 6.47.9.
I don't like this difference in sector write quantity with the same config.
That's why had to downgraded to the 6.46.8.
6.48.1_cr.png
6.46.8_cr.png

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 15, 2021 5:54 pm
by w0lt
Tried new stable 6.48.1 on my hAP ac2 after long-term 6.46.8.
The same situation with new long-term 6.47.9.
I don't like this difference in sector write quantity with the same config.
That's why had to downgraded to the 6.46.8.
6.48.1_cr.png6.46.8_cr.png
I'm running into the same thing with my hAP_AC2 . I don't understand why i'm getting some many sector re-writes. I was using 6.48.1 as the previous message but i'm still seeing them with the latest long term version.

Screen Shot 2021-02-15 at 9.49.05 AM.jpg

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 15, 2021 9:50 pm
by Emil66
Why do not not see Temperature/Voltage?
I had the same issue. It works again after I clicked "OK" on the empty settings page. (I use the web interface.)

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 15, 2021 10:48 pm
by PashaT
#SUP-41913

A huge amount of sector writes. More than 7 000 000.
It seems that events such as changing the port state are being recorded.

These writes are real? How bad is it?

I have an Android TV device with USB ethernet adapter attached. The port status ever-changing.

Screenshots:
Screenshot 2021-02-15 223811.png
Screenshot 2021-02-15 223710.png
#Added later

I think this is for port flapping issue debugging. But at what cost?
As an experienced user, I want to have settings for disabling such wasting features.

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 15, 2021 11:09 pm
by nightslider
Needs a dark mode

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 16, 2021 11:46 am
by B3nder
So FWIW....I'm also having issues with 6.48.1 on RB3011UiAS as others have described, and reverted back to 6.46.8 being the most recent long term version currently.

I personally would like to see thorough testing of specific issues / tickets raised. The release notes do specify that the issue has been resolved and i shouldn't need to second guess MikroTik on their firmware releases to ensure my installation is stable.

I will continue to support MikroTik, however i am growing weary of their firmware reliability.

EDIT: I thought I'd rather contribute then complain and installed 6.49beta11 so that i could raise concerns early. Im very happy to report that so far my system has been stable and it seems to have resolved the issues experienced. Stable ports and smooth upgrade itself. Thanks to the MikroTik Team.

Re: v6.48.1 [stable] is released!

Posted: Thu Feb 18, 2021 12:49 pm
by sindudas
webproxy on hAP lite still doesn't work. Since versions 6.45.x

First try, its showed on "Web Proxy Connections" the server and client connection, but Browser never loaded the requested web. The next web requests ends with "connection timeout".

Is there plans to correct that issue?

Re: v6.48.1 [stable] is released!

Posted: Thu Feb 18, 2021 2:35 pm
by pe1chl
Come on! Web proxy on a hAP lite???
Maybe it is better when MikroTik release a "RouterOS lite" version for use on smips which does not include such applications...
That would also ease the upgrading for those users, as they now often run out of memory during the upgrade and end up with a device that bricks or cannot upgrade.

Re: v6.48.1 [stable] is released!

Posted: Thu Feb 18, 2021 3:44 pm
by acidvenom
webproxy on hAP lite still doesn't work. Since versions 6.45.x
Please welcome RZD Russia on Mikrotik forum!

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 19, 2021 8:03 am
by Jotne
As far as I understand, webproxy does not work on https site, so there are no use for it any more since nearly all site are https.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 19, 2021 10:59 am
by pe1chl
It can be used with https, but only when configured in the client as a proxy server. Not when configured in the router as a transparent proxy.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 19, 2021 2:47 pm
by Jotne
So if you have no control of the client, webproxy is useless.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 19, 2021 3:14 pm
by pe1chl
So if you have no control of the client, webproxy is useless.
That is correct. You can do "auto proxy config" e.g. on Windows machines but it requires a webserver to store a file with the proxy config (the URL of that file is sent as a DHCP option).
In such cases it is a bit inconvenient that RouterOS does not provide a small webserver (unless you trick hotspot into doing that).

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 20, 2021 12:26 am
by bonaventure
RouterOS version 6.48.1 has been released in public "stable" channel!

[...]

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
Hi Emils,

this so called "stable" release is - at least when it comes to SIP - nothing less that stable, at least not on Rb1100AHx4.
I had to revert to 6.47(LTS) to be able to use my Gigaset N510 IP PRO (DECT station) again.

What I am still wondering is that also the firmware update from profile.gigaset.net/device failed completely, though the
download of the current firmware from e.g. profile.gigaset.net/device/42/merkur258_42.bin worked perfectly from any browser.

just my 0.02,
BR Stefan

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 22, 2021 3:22 am
by kangu1408
Hello everyone. I tell you that I have the v8.1 version installed on a 1036 router and I have problems with my interfaces that are connected.

inexplicably appears in the log link down and then link up for few seconds.

Please can you help me..?

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 22, 2021 8:07 am
by hkunnana
After upgrade, the dude client takes too long to get connected to the dude server, some times hours. Any ideas?

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 22, 2021 1:44 pm
by rushlife
RBmAP2nD with 6.48.1 connected to CAPsMAN ap's....MASSIVE packet loss (about 85%)

Re: v6.48.1 [stable] is released!

Posted: Mon Feb 22, 2021 3:01 pm
by Guntis
rushlife If the issue is version-related, please report it to support@mikrotik.com or in our support portal. Together with problem description and a supout.rif file made while the issue is present.

Re: v6.48.1 [stable] is released!

Posted: Tue Feb 23, 2021 9:34 am
by Olexandr999
Hello! I upgraded about 5,000 CPEs (SXT 5 LHG 5 and SXTsq lite5) to version 6.48 (stable). After the update, everything was fine, but time passed (+ -3 weeks) and already on updated and working devices, the cases when the firmware takes off became more frequent, and you can only restore it with netinstall. Has anyone encountered this, do you have any thoughts?

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 24, 2021 5:10 pm
by leonardogyn
as reported on 6.48, queue tree packets counter seems to be a 32 unsigned integer and is overflowing at 2 million and something packets. On that point, number becames negative and starts decreasing. The screenshot is from a RB1100AHx2 unit.
Captura de tela 2021-02-24 120759.jpg

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 24, 2021 5:54 pm
by pe1chl
as reported on 6.48, queue tree packets counter seems to be a 32 unsigned integer and is overflowing at 2 million and something packets.
That is not the only "32-bit counter" issue in RouterOS v6. I have previously reported such issues and it seems the fix for that is planned only in v7.

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 24, 2021 9:38 pm
by leonardogyn
That is not the only "32-bit counter" issue in RouterOS v6. I have previously reported such issues and it seems the fix for that is planned only in v7.
.
Great to know that. This is the first time/place in which I really stumbled upon this 32-bit overflow. I wasn't aware it's already known and planned for v7. Thanks for the info.

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 24, 2021 11:27 pm
by Jaro
Hi,
Time to time my lan link rate falls down from 1Gbps to 100Mbps.
I'm still using the older version 6.47.3 on RB 4011iGS and I didn't find any notes in newer versions about fixing such a issue.
The device connected through the lan is UBNT Rocket Prism 5AC Gen 2 with last update 8.7.1.
When I restart UBNT nothing happens - still wrong link rate 100Mbps. If I restart RB the link comes back to 1Gbps.
I solved the problem by removing the 100Mbps link rate from ethernet sheet.
But any way I'm curious where could be the problem?

Thank you for your answer

Re: v6.48.1 [stable] is released!

Posted: Wed Feb 24, 2021 11:46 pm
by mkx
I'd replace cable connecting RB and UBNT ... marginal cable can cause lowering the negotiated speed.

回复:v6.48.1 [稳定] 发布!

Posted: Thu Feb 25, 2021 2:15 am
by wwwcjh
When crs328-24p-4s + was upgraded from 6.45.9 to 6.48.1, it was restarted repeatedly. Later, it returned to 6.46.8.
CRS328-24P-4S+从6.45.9升级到6.48.1出现了重启现象,反复重启。后来恢复到6.46.8版本,正常。

Re: v6.48.1 [stable] is released!

Posted: Thu Feb 25, 2021 7:16 pm
by mskoric
Hi Guys,

i discoverd a strange bug! After i upgraded to 6.48.1 my voip phone (Gigaset S850A GO) wasn't able to connect/reconnect to the voip registrar. I tried to track the problem down
and enabled the packet sniffer. I analysed the traffic from the phone with wireshark and realized that there is nothing wrong with the packages and the connection was established correctly and
there was no reconnect failuire or something. AS LONG AS the packet sniffer was active on the router (RB 2011UiAS/2HnD). After disabling the packet sniffer the connection to the registar was lost after
a short time and couldnt be reestablished. I don't know what happens inside the routerOS if the packet sniffer is enabled, but it seems so magic is happening which turns a non working connection into a working..
After downgrading to 6.47.9 everything works as expected. I don't know if anyone wants to fix this or if anyone has the same problems, just wanted to tell someone and i thought this could be a good place for that.

If anyone want's more info, just send me pm.

Majk

Re: v6.48.1 [stable] is released!

Posted: Thu Feb 25, 2021 7:35 pm
by nescafe2002
mskoric; yes, sniffer disables fast path. The issue is fixed in 6.49beta11.

viewtopic.php?f=21&t=172259&p=842156#p844958

The reported SIP phone issue is fixed with this change:
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;

The suggestion to disable MNDP is because in the 6.48 version MNDP had some changes and it now uses an individual slave port MAC address instead of bridge/bond MAC. The same thing is done with other neighbor protocols, but MNDP is the only one that uses IP packets. It turns out, this can affect the ARP table on certain devices and they might start to use this other MAC from MNDP as a destination. On the RouterOS side with an active bridge/bond fast-path, these packets were dropped.

You might not notice the issue because MNDP is sent only once in a minute, the bridge did not use a fast-path or your phone simply ignored the MNDP.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 26, 2021 12:47 am
by jaybird99
Just of note, this firmware drastically improved my deployment of wAP 60AD's. I mean, drastically.

Master links now show all connected slaves and their MCS/PHY/Signal which was not previously present. That's extremely useful.

Re: v6.48.1 [stable] is released!

Posted: Fri Feb 26, 2021 11:42 am
by eddieb
I have 1 report with SIP problems on 6.48.1 on a 4011
Gigaset N300A basestation is unable to connect to the sip provider with MNDP on...

disabling it in IP->Neighhour->Discovery Settings solves the problem and all works fine

Re: v6.48.1 [stable] is released!

Posted: Sat Feb 27, 2021 8:37 pm
by RafGan
The Dude problem. My device's custom images disappeared from unknown reason. I was trying to recover my Dude database, but i'v got this:

/dude import-db file-dude.db
status: import failed

And all my job was go to the hell.

Database is creating daily by scheduler and it was always working in older versions.

LLDP-MED behavior

Posted: Sun Feb 28, 2021 5:39 pm
by OndrejHolas
Tried to get LLDP-MED working with Cisco and Grandstream IP phones, but the behavior of ROS renders this function unusable. During the first contact, ROS responds to LLDP-MED probe from the phone by burst of LLDP frames that include MED TLVs - this behavior is correct, the phone catches information about voice VLAN and connects in tagged mode. But when you reboot the phone, until ROS loses neighbor information (the phone is still present in neighbor cache), ROS does not respond to LLDP-MED probe immediately, instead it is sending LLDP frame every minute. As the phone does not see immediate reponse (in a few seconds) to the LLDP-MED probe, it abandons VLAN assignment via LLDP-MED and tries to connect untagged (in native VLAN).

The fix should be quite straightforward - after reception of LLDP-MED probe from the phone, ROS should respond by burst of LLDP-MED frames (including MED network policy TLV) always, regardless of the neighbor cache. This behavior is common amongst switches from many vendors.

Ondrej

Re: LLDP-MED behavior

Posted: Mon Mar 01, 2021 3:12 am
by mducharme
But when you reboot the phone, until ROS loses neighbor information (the phone is still present in neighbor cache), ROS does not respond to LLDP-MED probe immediately, instead it is sending LLDP frame every minute. As the phone does not see immediate reponse (in a few seconds) to the LLDP-MED probe, it abandons VLAN assignment via LLDP-MED and tries to connect untagged (in native VLAN).
Interesting. I wonder if this is related to the issue I had found? viewtopic.php?f=21&t=171035&p=836796#p836789

Re: LLDP-MED behavior

Posted: Mon Mar 01, 2021 11:29 am
by OndrejHolas
Interesting. I wonder if this is related to the issue I had found? viewtopic.php?f=21&t=171035&p=836796#p836789
When looking at the behavior it seems there are three different problems with LLDP:
  • bridge forwards LLDP frames
  • LLDP frames are sent VLAN-tagged and without VLAN in LLDP-MED network policy TLV (this one may eventually be related to the previous one, but who knows)
  • LLDP-MED probes are ignored in active neighbor state
Of course, no one can judge how these are related without investigation in the code.

In the current state, we decided to not use LLDP on boxes running ROS - there are no configuration options to control LLDP tx/rx and individual TLVs sent/accepted (security policy requires us to minimize attack surface and information available anonymously) and we cannot run even LLDP-MED at least for IP phones as it is unusable.

Ondrej

Re: LLDP-MED behavior

Posted: Mon Mar 01, 2021 1:35 pm
by sindy
[*]bridge forwards LLDP frames
Just to be clear - is this true also when protocol-mode differs from none on that bridge?

Re: LLDP-MED behavior

Posted: Mon Mar 01, 2021 2:14 pm
by OndrejHolas
[*]bridge forwards LLDP frames
Just to be clear - is this true also when protocol-mode differs from none on that bridge?
I haven't tried it yet, we do not use bridges in any of the xSTP modes (at the edge APs, where we use bridges, there's really no need to include them in the spanning tree topology). However, both protocols (xSTP and LLDP) are independent and thus the protocol setting (none/stp/rstp/mstp) at the bridge level should not change whether LLDP BPDUs are forwarded or not (yes, I know that in Linux kernel forwarding of both these protocols is controlled by the same bitmap setting group_fwd_mask, so there may be common point of both). Also, the behavior can be different in different modes of bridge operation (full software bridging, fast path, switchchip aka hardware acceleration), so there are many scenarios to check the behavior in all possible situations.

To be precise, the reasons why a when (not) forward STP and LLDP are also different:
  • LLDP - intended to exist only between physical ports, so the bridge/switch should not forward LLDP BPDUs in any case
  • STP - if the bridge/switch does not perform spanning tree operations, it should forward (=flood) STP BPDUs so it does not break function of spanning tree in the surrounding network (from spanning tree perspective such passive switch acts like a cable); otherwise, if the bridge/switch is active part of spanning tree topology, STP BPDUs need to be processed on reception and not forwarded

Ondrej

Re: LLDP-MED behavior

Posted: Mon Mar 01, 2021 5:04 pm
by OndrejHolas
...the behavior can be different in different modes of bridge operation (full software bridging, fast path, switchchip aka hardware acceleration)...
And indeed it is. I did a quick test on RB750GL (switchip Atheros 8327) and the results are:
  • bridge in full software and fast path modes with protocol-mode=none forwards LLDP frames
  • bridge in full software and fast path modes with protocol-mode=rstp does not forward LLDP frames
  • bridge in hardware accelerated mode always forwards LLDP frames
Also, in hardware accelerated mode, when the switch ports have configured VLANs, LLDP frame forwarded from access port to trunk port gets appropriate 802.1Q encapsulation, that is completely wrong, but this is expectable generic behavior of switch chip that doesn't know anything about LLDP.

Ondrej

Re: v6.48.1 [stable] is released!

Posted: Tue Mar 02, 2021 7:55 am
by saaremaa
After upgrading to FW 6.48.1, my 3 CCR1009-8G-1S routers (PPPoE servers) disconnect from PPPoE client every minute. What could be wrong? Upgrading to FW 6.46.8 fixes this issue.

Re: v6.48.1 [stable] is released!

Posted: Thu Mar 04, 2021 6:45 pm
by reinierr
Problem with 6.48.1 – Ike2 – No Phase 2
With version 6.48 perfect Site to site connection to Azure. However. With version 6.48.1 no connection, “No Phase 2”.
In What’s new I read “ ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48)”. Any relation?

Re: v6.48.1 [stable] is released!

Posted: Fri Mar 05, 2021 6:23 pm
by rb9999
upgraded hAP ac routeos and routerboard firmware (routerboot) as well from 6.47.4 directly to 6.48.1. - ethernet port started flopping, pretty much 'stock' config. dunno why :( downgrading to 6.47.8 solved the issue.