Did you already increase the DNS cache size? It can be changed from 2048 to 20480 without issue on that router.I think the problem is not only in free space.
I have 3500 KB of free space on my router.
Did you already increase the DNS cache size? It can be changed from 2048 to 20480 without issue on that router.I think the problem is not only in free space.
I have 3500 KB of free space on my router.
When a VPN serve has a "port-knocking" implemented, the client must "knock" in order to connect. Until 7.14.1 "on-down" script was performing the "knocking" perfectly.I do not understand what this has to do with a port-knocking mechanism.
Yes, of course:Did you already increase the DNS cache size? It can be changed from 2048 to 20480 without issue on that router.I think the problem is not only in free space.
I have 3500 KB of free space on my router.
we do not use bgp-signalled vpls. I opened a ticket to the support and they are still investigating, Same issue on 7.16 beta 1 and 2i haven't upgraded yet but running vpls as well, did you experience this issue running bgp-signalled vpls? if so did you manage to find a solution on 7.15I try today v7.15 on 3 different 4011.
VPLS vs 7.14 2216 doesn't go running.
After dowgrade it to 7.14 interface goes up with no configuration change.
Anyone noticed this issue?
Think your config is a bit messy, but not that strange @VadiKO.
What you can try:
- set encryption=ccmp on the for5G security settings
- set authentication-types to wpa2-psk only (had some strange stuff going on with combined wpa2-psk and wpa3-psk)
- set dtim-period (part of the configuration) to 3 (which is advised by Apple)
At last...I prefer to use a single bridge, but that is probably not a problem in your case.
Dude never worked for me (errors about incorrect files), upgrade through CAPsMAN works like a charm.Did anybody had a similar issue with this upgrade step?
That is because the "ip routes" display is effectively a "filter" showing only the IPv4 routes out of all routes (including IPv6).And what "8 items out of 24" means is completely unknown to me.
It's long past time for MikroTik to unify IPv4 and IPv6 commands and menus into IP, and create IPv4 and IPv6 submenus just for specific things.That is because the "ip routes" display is effectively a "filter" showing only the IPv4 routes out of all routes (including IPv6).
This would require a move to netfilter from iptables, a fairly major job. I imagine something like this would be a RouterOS v8 feature.It's long past time for MikroTik to unify IPv4 and IPv6 commands and menus into IP, and create IPv4 and IPv6 submenus just for specific things.That is because the "ip routes" display is effectively a "filter" showing only the IPv4 routes out of all routes (including IPv6).
.It is purely a winbox 3.x issue, unrelated to nftables, iptables, netfilters or anything else.
Like pe1chl already wrote, Winbox takes all routes from routing/route and is applying the filters.
There are 3 kinds of routes: IPv4, IPv6, and "link" (I think these are used for the link-level non-IP protocols like ARP).Not a big deal but sum of them not equal out of count.
:delay 15
/interface/pppoe-server/disable [find]
/interface/pppoe-server/enable [find]
I can confirm similar behavior with 7.15.1. Downgrade to 7.14.3 solved the problem for me too.hAP ax3, 7.15 and Chromecast strange behaviour.
When I cast a movie from my smartphone to my TV via Chromecast, in a few seconds —no more than 10–20 seconds— all the WiFi devices in the house get disconnected. I mean all of them, 2 phones, 1 laptop and Chromecast itself.
Downgrading to 7.14.3 solved the problem.
viewtopic.php?p=1080246#p1080246With SUP-155649 I was asking how “reselect-interval” ( https://help.mikrotik.com/docs/display/ROS/WiFi ) is working, but still no answer.
Anyone has a clue?
What is the SUP number? The previous poster was asked for one by MT but I never saw a response.I can confirm similar behavior with 7.15.1. Downgrade to 7.14.3 solved the problem for me too.hAP ax3, 7.15 and Chromecast strange behaviour.
When I cast a movie from my smartphone to my TV via Chromecast, in a few seconds —no more than 10–20 seconds— all the WiFi devices in the house get disconnected. I mean all of them, 2 phones, 1 laptop and Chromecast itself.
Downgrading to 7.14.3 solved the problem.
How do you monitor free space disk?3) Device has enough free storage space for all RouterOS packages to be downloaded.
I'm glad I haven't upgraded yet. And it's been quite a few days, and no answer from Mikrotik? At least on which use cases are affected?I still have disconnection problems with Wifi on hAP AX3. I had to revert to 7.14.3 because I have no time now to debug the issue.
I confirm the same problem about 10Mbps download on some ports while upload is OK. I have two CRS354 with MLAG. Version 7.14.3 does not have this problem.Exact same situation here with a CRS354, downloads goes to 10Mbps on some ports while upload is fine. Ok after a reboot for a little moment before it start again. I had to rollback to 7.14.3.
hello everybody! sorry if this isnt the right place for this, but...
Please keep this forum topic strictly related to this particular RouterOS release.
Having a problem with RouterOS 7.15 and 7.15.1 that MLAG peer link drops out causing interruptions in network:2 x CRS354-48G-4S+2Q+ setup with 2 x 40G (QSFP+) LACP LAG as the peer link (called bond-peer).Code: Select all09:38:01 bridge,warning "bridge" peer disconnected 09:38:01 bridge,warning "bridge" peer link down 09:38:01 bridge,info "bridge" peer link up 09:38:01 bridge,info "bridge" peer connected 09:38:01 bridge,info "bridge" peer becomes primary DC:2C:6E:D2:AF:4B
Ports themselves and LACP link does not flap when these notifications happen. QSFP+ ports are interconnected using MikroTik Q+DA0001 DAC (40 Gbps QSFP+ direct attach copper cable).
I haven't. CRS312, CRS354 MLAG'd together with a CCR2116 on one side and a pair of MLAG'd CRS317's on the other. The 312 and 354 are running 7.15, tied together on SFP+ ports with a DAC. (The QSFP+ ports on the 354 have breakout cables for use with my lab routers, and aren't a part of the MLAG.)Bump on this please, has everyone else given up on MLAG on the CRS platform?
Where are the SUP tickets?I'm glad I haven't upgraded yet. And it's been quite a few days, and no answer from Mikrotik? At least on which use cases are affected?I still have disconnection problems with Wifi on hAP AX3. I had to revert to 7.14.3 because I have no time now to debug the issue.
I haven't upgraded so I didn't have any devices running for opening tickets. (Well, I have one remote AP upgraded, but that gets practically 2-3 devices uses).Where are the SUP tickets?
I'm glad I haven't upgraded yet. And it's been quite a few days, and no answer from Mikrotik? At least on which use cases are affected?
I'm running 7.15.1 with no issues on multiple cAP AXs and a huge variety of devices.
https://help.mikrotik.com/docs/pages/vi ... =189497483Could we get more documentation/information on the QoS at the switch chip level?
I’m looking for a diagram explaining the order of rules applied to packetshttps://help.mikrotik.com/docs/pages/vi ... =189497483Could we get more documentation/information on the QoS at the switch chip level?
Read the other posts. There's a few VPLS issues reported. Or just search for "VPLS" in this very page.We just upgraded a few of our routers from 7.12.1 to 7.15.1. This broke our vpls sessions. So we downgraded down to 7.14.3 and now they are good again. Is there a known VPLS issue with 7.15.1?
I re-upgraded to 7.15.1 from 7.14.3 my hAP AX3 and hAP AX lite (CAPsMAN on the AX3). I observe that an IoT device (MAC address starting with 44) continuously associates and connects. The IoT device placement is fixed.Where are the SUP tickets?
I'm glad I haven't upgraded yet. And it's been quite a few days, and no answer from Mikrotik? At least on which use cases are affected?
I'm running 7.15.1 with no issues on multiple cAP AXs and a huge variety of devices.
Confirmed fixed in the next release (either 15.2 or 16.x).. downshift function problem. downshift doesn't affect LAG ports (at least on other platforms)I confirm the same problem about 10Mbps download on some ports while upload is OK. I have two CRS354 with MLAG. Version 7.14.3 does not have this problem.Exact same situation here with a CRS354, downloads goes to 10Mbps on some ports while upload is fine. Ok after a reboot for a little moment before it start again. I had to rollback to 7.14.3.
Can you share you WiFi config for the 2gI re-upgraded to 7.15.1 from 7.14.3 my hAP AX3 and hAP AX lite (CAPsMAN on the AX3). I observe that an IoT device (MAC address starting with 44) continuously associates and connects.
Where are the SUP tickets?
I'm running 7.15.1 with no issues on multiple cAP AXs and a huge variety of devices.
reconnections.png
The IoT device placement is fixed.
I will open a ticket.
Same here..Hap Ax3 7.15.1.wifi 5GHz disconnected issue.Hopefully somebody did report this to mikrotik.I still have disconnection problems with Wifi on hAP AX3. I had to revert to 7.14.3 because I have no time now to debug the issue.
Same here...When I came home my Phone oneplus 9 do not want joint the wifi. Turn off and on wifi on mobile helps..it was not happening in the older ROS.Same here..Hap Ax3 7.15.1.wifi 5GHz disconnected issue.Hopefully somebody did report this to mikrotik.I still have disconnection problems with Wifi on hAP AX3. I had to revert to 7.14.3 because I have no time now to debug the issue.
And why don't you ? The more reports they get in with more info, the easier for them to find the problem.Same here..Hap Ax3 7.15.1.wifi 5GHz disconnected issue.Hopefully somebody did report this to mikrotik.I still have disconnection problems with Wifi on hAP AX3. I had to revert to 7.14.3 because I have no time now to debug the issue.
I just simply doesnt have the time to spend on logs and writing email and so on.Hopefully somebody has the drive to report SUP ticket.It intermitent though.And why don't you ? The more reports they get in with more info, the easier for them to find the problem.
If everyone is looking at someone else to report, nothing will happen.
And FWIW, no issues on my side with AX line APs (already on 7.16b2 with all devices at home, production devices are on 7.15.1)
But you do have time to complain about it ?I just simply doesnt have the time to spend on logs and writing email and so on.Hopefully somebody has the drive to report SUP ticket.It intermitent though.And why don't you ? The more reports they get in with more info, the easier for them to find the problem.
If everyone is looking at someone else to report, nothing will happen.
And FWIW, no issues on my side with AX line APs (already on 7.16b2 with all devices at home, production devices are on 7.15.1)
Maybe I will.
But you do have time to complain about it ?
Making a ticket doesn't take much longer.
Serious ...
I have a pair of CRS-317's in MLAG, with two DAC's in a bond forming the MLAG channel between the two CRS-317.Bump on this please, has everyone else given up on MLAG on the CRS platform?
What is your SUP? These wireless issues are not easy to diagnose with comments about disconnects without a supout file and support ticket. So far there have been a few people here indicating they have disconnect issues but none have generated this file and created a support case with it and details of the problem, as far as I’ve seen.For me my Iot device..
Don't metter which version some of them old smart plug keep flapping.. Connect to disconnect...
If I use other brand no issue at all...
I have to keep 2 access point, cap ac only for Iot 2 Ghz
And cap ax only 5ghz for my devices....
I have a sup case, open 20/Dec/23What is your SUP? These wireless issues are not easy to diagnose with comments about disconnects without a supout file and support ticket. So far there have been a few people here indicating they have disconnect issues but none have generated this file and created a support case with it and details of the problem, as far as I’ve seen.For me my Iot device..
Don't metter which version some of them old smart plug keep flapping.. Connect to disconnect...
If I use other brand no issue at all...
I have to keep 2 access point, cap ac only for Iot 2 Ghz
And cap ax only 5ghz for my devices....
15:23:19 dhcp,info dhcp10 deassigned 192.168.0.125 for 1C:3B:xxxxxxxxx05 HS110
15:23:19 dhcp,info dhcp10 assigned 192.168.0.125 for 1C:3B:F3xxxxxxxxx HS110
15:23:19 dhcp,info dhcp10 deassigned 192.168.0.124 for B0:95:xxxxxxxxxCC HS110
15:23:20 dhcp,info dhcp10 assigned 192.168.0.124 for B0:95:75xxxxxxxxx HS110
15:23:38 dhcp,info dhcp10 deassigned 192.168.0.125 for 1C:3B:xxxxxxxxx05 HS110
15:23:40 dhcp,info dhcp10 assigned 192.168.0.125 for 1C:3B:F3xxxxxxxxx HS110
15:23:48 dhcp,info dhcp10 deassigned 192.168.0.125 for 1C:3B:xxxxxxxxx05 HS110
15:23:48 dhcp,info dhcp10 assigned 192.168.0.125 for 1C:3B:F3xxxxxxxxx HS110
15:23:48 dhcp,info dhcp10 deassigned 192.168.0.126 for 1C:3B:xxxxxxxxx68 HS110
15:23:48 dhcp,info dhcp10 assigned 192.168.0.126 for 1C:3B:F3xxxxxxxxx HS110
15:24:06 dhcp,info dhcp10 deassigned 192.168.0.126 for 1C:3B:xxxxxxxxx68 HS110
15:24:06 dhcp,info dhcp10 assigned 192.168.0.126 for 1C:3B:F3xxxxxxxxx HS110
15:24:11 dhcp,info dhcp10 deassigned 192.168.0.125 for 1C:3B:xxxxxxxxx05 HS110
15:24:11 dhcp,info dhcp10 assigned 192.168.0.125 for 1C:3B:F3xxxxxxxxx HS110
15:24:12 dhcp,info dhcp10 deassigned 192.168.0.124 for B0:95:xxxxxxxxxCC HS110
15:24:12 dhcp,info dhcp10 assigned 192.168.0.124 for B0:95:75xxxxxxxxx HS110
My hAPax2/cAPax has stopped flapping devices on on the latest beta, also DoH seems to work on 1.1.1.1 with add-blocking just dandy.Has the issue of wireless clients being disconnected on hap ax2 been resolved yet? I haven't seen anything in the changelogs yet on this (staying on v7.14.3 in the meanwhile), hopefully someone can confirm
take supout when invlaid and open a ticket.Hello everyone, Useing OS version V7.15.1, Getting some problem with PPPOE Server at Vlan interface being "invalid" after power off/on or normal reboot. Because of invalid pppoe server interface pppoe user cant connect to mikrotik. If manually disable/enable PPPOE server interface make interface valid again , then again pppoe user can connect to mikrotik. Can you please share solution of this kind of problem?
What's new in 7.15.2 (2024-Jun-26 14:42):
*) winbox/webfig - fixed skins (introduced in v7.15);
looks like usb3 interference] > interface/wifi/frequency-scan wifi2
Columns: CHANNEL, LOAD, NF
CHANNEL LOAD NF
2412 100% -49
2417 100% -49
2422 100% -50
2427 100% -67
2432 99% -64
2437 100% -64
2442 100% -66
2447 99% -68
2452 100% -72
2457 99% -74
2462 100% -77
2467 100% -76
2472 100% -79
from webfigClear Winbox cache.
thanks, clearing images cache, resolve the problemOh. Maybe browser cache then. I have this same issue on Mikrotik Android app and clearing caches does not resolve it. Already reported to support.
sorry, forgot to mention, found it in wiki and already tried it, nothing changedtick Responder
because nothing was changed regarding wireguard on my side, I was expecting the log having the same entries that I had on 7.12well, you set persistent keep alive. what do you expect?
When I upgraded to 7.15.1 from 7.14.3, I had the issue. Then, I reset the device re-applying the configuration from 7.14.3 and the issue disappeared. Maybe some left-over from previous attempts?Has the issue of wireless clients being disconnected on hap ax2 been resolved yet? I haven't seen anything in the changelogs yet on this (staying on v7.14.3 in the meanwhile), hopefully someone can confirm
Nope...Hap AX3 here.Im on 7.15.2 from 7.15.1.Wifi clients still disconnecting randomly.Has the issue of wireless clients being disconnected on hap ax2 been resolved yet? I haven't seen anything in the changelogs yet on this (staying on v7.14.3 in the meanwhile), hopefully someone can confirm
thanksJust remove the keep alive for the peer and you should be fine
Rock on.thanks
found an explanation on reddit about these settings
did exactly that and without responder, my log looks fine now :-)
no, the problem still existsHas the issue of wireless clients being disconnected on hap ax2 been resolved yet? I haven't seen anything in the changelogs yet on this (staying on v7.14.3 in the meanwhile), hopefully someone can confirm
- issue with qsfp cable, after connection it was acting as 4x1gb those loops where crated.Does anyone have issues with QSFP+ (40gbps) with 7.15.2 ? loops etc ?
I noticed that on the RB5009 when doing a partition copy to (router has been configured with 2 partitions) some timing-critical tasks fail.
(e.g. BGP with BFD, Tool->Netwatch)
I don't think I have seen that with earlier versions...
Hello,looks like usb3 interference] > interface/wifi/frequency-scan wifi2
Columns: CHANNEL, LOAD, NF
CHANNEL LOAD NF
2412 100% -49
2417 100% -49
2422 100% -50
2427 100% -67
2432 99% -64
2437 100% -64
2442 100% -66
2447 99% -68
2452 100% -72
2457 99% -74
2462 100% -77
2467 100% -76
2472 100% -79
No, not for me. 2x 40GBit connection to a CRS326-24S+2Q+ (ROS 7.15.2 and Firmware) with cables by FS without any problems.Does anyone have issues with QSFP+ (40gbps) with 7.15.2 ? loops etc ?
Just to add that 7.15.1 and 7.15 both present the same issue. The issue is more intense now, with 10-15 minutes of normal DNS resolution and 5 minutes (or so about) with no resolution been made. Had to revert to 7.14.3.We updated from 7.15.1 to 7.15.2 to several RB760iGS units.
We have activated the "allow incoming requests" to the DNS server of each device, as it is used by local clients for name resolution.
Since the upgrade, we have been noticing the DNS service to stop responding to requests from clients, every 3-4 hours or so, and receive complaints from users. The only solution is to enable (& save) and disable the "allow incoming requests" setting of the router AND clear the DNS cache.
Even after reverting to back to 7.15.1, the issue remains.
Thanks. I found issue with qsfp+ cable, acting as 4x1gb for no reason (faulty)No, not for me. 2x 40GBit connection to a CRS326-24S+2Q+ (ROS 7.15.2 and Firmware) with cables by FS without any problems.Does anyone have issues with QSFP+ (40gbps) with 7.15.2 ? loops etc ?
The more I read the less i know.looks like usb3 interference] > interface/wifi/frequency-scan wifi2
Columns: CHANNEL, LOAD, NF
CHANNEL LOAD NF
2412 100% -49
2417 100% -49
2422 100% -50
2427 100% -67
2432 99% -64
2437 100% -64
2442 100% -66
2447 99% -68
2452 100% -72
2457 99% -74
2462 100% -77
2467 100% -76
2472 100% -79
If you refer to my comment, there is no step to be taken for reproduction.. it just happens continuously after power on!how to reproduce?
If possible try to in a lab setup your own authoritive DNS server for the zone lets say "example.com" and then have a client using your Mikrotik as a resolver for test.example.com and have that being looped by a bashscript or such and see if you get a constant time before your Mikrotik starts to no longer give replies?If you refer to my comment, there is no step to be taken for reproduction.. it just happens continuously after power on!how to reproduce?
It does not happen for me despite using the mikrotik DNS as well. That is why I asked how to reproduce it.If you refer to my comment, there is no step to be taken for reproduction.. it just happens continuously after power on!how to reproduce?
The question "how to reproduce" can be translated as: "please, tell me the EXACT steps in order to make it happen on my system". There is a logic behind it: what is "clear" and "obvious" to you may not be to me - or him.If you refer to my comment, there is no step to be taken for reproduction.. it just happens continuously after power on!
Just in case, problem report standard litany reference:So, what were the EXACT steps? What did happen? What did You expect? These three points will make far easier to debug the problem.
Holy fck... Winbox/Mikrotik/ROS is still surprising me after almost 20 years...That is because the "ip routes" display is effectively a "filter" showing only the IPv4 routes out of all routes (including IPv6).
Thank you for the EXACT clarification....The question "how to reproduce" can be translated as: "please, tell me the EXACT steps in order to make it happen on my system". There is a logic behind it: what is "clear" and "obvious" to you may not be to me - or him.If you refer to my comment, there is no step to be taken for reproduction.. it just happens continuously after power on!
And if the developer can't reproduce the problem, we get that dreaded answer: "works for me".
So, what were the EXACT steps? What did happen? What did You expect? These three points will make far easier to debug the problem.
I think my description so far on how to reproduce and to the nature of the issue, covers the input you mention..Just in case, problem report standard litany reference:So, what were the EXACT steps? What did happen? What did You expect? These three points will make far easier to debug the problem.
http://jdebp.info/FGA/problem-report-st ... itany.html
To be fair:Please generate a supout.rif file and hand it to support@mikrotik.com.
Support issue opened SUP-157852
Sorry for going slightly offtopic but what is the expected turnaround time to get a response from support?Please accept my apology. Still unclear if supout.rif was attached to that SUP, but I am sure Mikrotik will request it if missing.
I had issues with this as well. I got it to work a bit better by setting an admin-MAC on the bridge and also lowering the ageing-time to 1min.I have a pair of CRS-317's in MLAG, with two DAC's in a bond forming the MLAG channel between the two CRS-317.Bump on this please, has everyone else given up on MLAG on the CRS platform?
I have an upstream CRS-328P that is running LAG across both CRS-317's (In an MLAG LAG group).
I have AX3 access points coming off the CRS-328P with clients connected to those CAPsMAN access points.
The CRS-317's are connected to ESXi hosts. The ESXi hosts are not configured for LAG, but multipathed. This means that a particular VM will be mapped to a particular egress port of the ESXi at VM startup, and will 'fail over' to the other egress port if the chosen port goes down for some reason.
All works well, UNTIL you reboot one of the CRS-317's forming the MLAG. Whilst the CRS-317 is rebooting everything continues on as normal, maybe a ping or two lost as ESXi switches over to the other CRS-317 for what ever VMs it had running on the CRS-317 I just rebooted, but all VM's remain accessible from the access points.
When the CRS-317 comes back up, everything is ok for a few seconds, then I lose access to a 'random' number of VMs for 5 minutes (arp aging timeout on the CRS-317's I am suspecting). Basically the ESXi host starts using the rebooted CRS-317 for those VM's that were originally using it, but the non-rebooted CRS-317 does not know/see that, flushing the ARP cache on both CRS-317 fixes the problem.
So, at least in my case, the MLAG switches do not converge their ARP caches, but appear to rely on ARP caching aging to fix things for them.
[xxxx@router] > ip upnp export verbose
# 2024-07-07 18:19:04 by RouterOS 7.15.2
# software id = xxxxxx
#
# model = RBD52G-5HacD2HnD-TC
# serial number = xxxxxx
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ip upnp interfaces
add disabled=no !forced-ip interface=eth1-nbn type=external
add disabled=no !forced-ip interface=home type=internal
[xxxxx@router] >
https://help.mikrotik.com/docs/pages/vi ... =237699479What's new in 7.15 (2024-May-29 15:44):
*) media - added support for DLNA;
Again, a feature which has nothing to do with routing was introduced, only to bloat main package and cause security vulnerabilities. Since DLNA can't be disabled or uninstalled, I guess we have to live with it now...DLNA and UPnP work in tandem to provide a seamless media sharing experience.
/ip/upnp/print
/ip/upnp/interfaces/add type=internal interface=bridge1
http://192.168.88.1:2828/gateway_description.xml
type=external
/ip/upnp/interfaces/set [find type=internal] disabled=yes
I agree with all your points: this is the kind of thing that should be in a different package. But just another day I found out WHO would want DLNA on routers (I was wandering about it too...)No, seriously - who asked for DLNA? Who needs DLNA in the main package of the router? Without ability to turn it off? Is it really that hard to keep routers for routing and separate packages for other unnecessary functions? Every single unnecessary feature increases attack surface and helps bad guys to get in. Every feature like this increases likelihood of another 0-day. Can we PLEASE put security and stability first?
I also agree with previous writer - put security and stability first THEN add new "cool" features as packages.I agree with all your points: this is the kind of thing that should be in a different package. But just another day I found out WHO would want DLNA on routers (I was wandering about it too...)No, seriously - who asked for DLNA? Who needs DLNA in the main package of the router? Without ability to turn it off? Is it really that hard to keep routers for routing and separate packages for other unnecessary functions? Every single unnecessary feature increases attack surface and helps bad guys to get in. Every feature like this increases likelihood of another 0-day. Can we PLEASE put security and stability first?
Looks like there is a market for this, weird but true. It was on the last newsletter (#119). Page 4, if I'm not mistaken. It just should be on another package, not the main one.
It likely works as in most companies: there is a "first line" that opens all the tickets and provides quick answers to those that are mostly questions or are based on obvious user errors.Exactly. Some tickets are answered on the same day, while others take days or even weeks. I believe that tickets are prioritized based on their complexity and/or topic. My experience with the support has been positive (overall).
That will then usually be "the bug will be solved in an upcoming RouterOS release, but we cannot tell you which one".
interface/bridge/print proplist=priority
Flags: X - disabled, R - running
0 R ;;; defconf
priority=0x8000
[admin@CRS309] > interface/bridge/msti/print proplist=priority
Flags: D - DYNAMIC
Columns: PRIORITY
# PRIORITY
0 0x7000
1 0x7000
2 0x7000
3 D 0x7000
interface/bridge/msti/print proplist=priority
Flags: D - DYNAMIC
Columns: PRIORITY
# PRIORITY
0 0x7000
1 0x7000
2 0x7000
3 D 0x8000
EDIT:*) console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);
/interface wifi get about
print proplist=about
Still waiting for answer from support, infabo suggestedWith SUP-155649 I was asking how “reselect-interval” ( https://help.mikrotik.com/docs/display/ROS/WiFi ) is working, but still no answer.
Anyone has a clue?
still not clear how to use it, with the default !reselect-interval channels are not scanned? Was not easier to select a time, (01:00-02:00AM)? Using 6h-12h it could disconnect a client during work hours.reselect interval you define lower and upper bounds of interval. e.g. 30m / 1h. So earliest every 30m and latest every hour they perform reselect scan.
Then each AP randomly picks a value between 30m-1h, e.g. AP1: 41m30s, AP2: 32m34s, AP3: 50m10s. So they don't scan simultaneously and choose the same channel because no one is broadcasting and everyone just listening.
That is something that is bothering me as well. This frequency is checked for 1 min before used, hence this situation. Would really help if CAPsMAN took into account such a situation. I think this is solved after a rescan.Something is wrong with the initial scan for 5 GHz. Every time at boot, the frequency is set to 5500 on all APs. This does not happen for 2.4 GHz where APs receive different frequencies.
ExactlyAutomatic channel selection methods are useless anyway when you value performance.
It is better to first study the layout of the channels, then do some manual scanning and investigation of channel usage, and finally decide on fixed channels to use for each of your APs.
Well ... if you fix your frequencies and your neighbours don't, then those APs may eventually start to avoid "your" channels, making everybody happy. If neighbours also fix their frequencies, then again everybody is happy as long as one manages to avoid no only "C", but also "e" frequencies (as @pe1chl already mentioned).Simply no.
The approach may depend as well on the scale of your installation.Simply no. When you are surrounded with other vendor APs of nearby offices which change their channels randomly as well - you are out of luck with your "I plan my channels on a sheet of paper" approach.
@optio @eworm, what is now the correct way to terminate a script without an error in the log?I agree, commands like :error, :quit, :return are valid and it should not produce such error in log.
I did reset hap ax3 to default setting and reconfigure all the PPPoe client..and my wifi is working good.No more disconnection.Ros 7.15.2. (5GHz ax 80MHz 5500).The 2GHz was switched off.Has the issue of wireless clients being disconnected on hap ax2 been resolved yet? I haven't seen anything in the changelogs yet on this (staying on v7.14.3 in the meanwhile), hopefully someone can confirm
pseudobridge (wifi client against capsman APs) on Metal 2SHPn and RBmAP2nD still high packet loss, since ros 7.14.x
Not sure if any command currently exits script without producing error.@optio @eworm, what is now the correct way to terminate a script without an error in the log?
Well, you can just wrap your code into a block, den catch the error and do nothing...@optio @eworm, what is now the correct way to terminate a script without an error in the log?
:do {
# your code
# exit early with :error
:error false;
# other code
} on-error={ }
.pseudobridge (wifi client against capsman APs) on Metal 2SHPn and RBmAP2nD still high packet loss, since ros 7.14.x
What worked for me: set "protocol=none" on the "station pseudobridge" device.
You should try to make script so that it does not give error. And if there are no way around to avoid error du to different hw or software config, use on-error on a small block as possible.Well, you can just wrap your code into a block, den catch the error and do nothing...@optio @eworm, what is now the correct way to terminate a script without an error in the log?
BUT! Be aware that this mutes ALL errors, even the legitimate ones that should be regarded!
It worked for me with "protocol=rstp" (default value) until 7.13.5. Problems started with 7.14..pseudobridge (wifi client against capsman APs) on Metal 2SHPn and RBmAP2nD still high packet loss, since ros 7.14.xWhat worked for me: set "protocol=none" on the "station pseudobridge" device.
Worked also for me:
viewtopic.php?p=1025978#p1025970
It's stable and has been working perfectly for months.
*) bridge - improved protocol-mode STP and RSTP functionality;
Yes, I already noticed that. bridge of "station pseudobridge" device was elected as root-bridge. I already believed that this was my problem and lowered the bridge-priority on my main-AP to 0x7000. Then root-bridge was elected as I wanted - but it did not change anything on the issue. wifi port where the "station pseudobridge" connected was still "forwarding: no". Set protocol=none on this "station pseudobridge" device and all working. For me it seems like "improved" RSTP of 7.14+ does not play well with that pseudobridge thingy. Or it is some kind of incompatibility as this "station pseudobridge" device is the only ROS v6 device on my network.If root bridge election "wants" to go wrong then changing the RSTP priority can help. Set it to lower than default (8000) on bridge that should be a root bridge.
This is similar approach as when you mute script error logs in Logging settings since you need to put most of script code into do={} on-error={} to work (part where :error command is executed and everything after that). Nothing should not be added after on-error={} because it will be executed. It's just hacky approach, personally I did't want to change scripts like that.Code: Select all:do { # your code # exit early with :error :error false; # other code } on-error={ }
you saved my life :)What worked for me: set "protocol=none" on the "station pseudobridge" device.
What other managed switch do you have on your network that runs Rapid Spanning Tree Protocol?It worked for me with "protocol=rstp" (default value) until 7.13.5. Problems started with 7.14.
.
Worked also for me:
viewtopic.php?p=1025978#p1025970
It's stable and has been working perfectly for months.
Changelog of 7.14
"improved" is a Mikrotik codeword for introducing a fundamental change thus breaking some existing behaviour.Code: Select all*) bridge - improved protocol-mode STP and RSTP functionality;
I did not find a way to debug RSTP until today. Neither log topics "bridge" nor "stp" log anything related to RSTP. Already asked support but all they told me was: try bridge or stp topic. I would like to log the RSTP election process of root brige, when ports stop forwarding and so on. But it seems to be impossible.
View the link I postedall Mikrotik devices. all RSTP by default. no other switches on the network.
I have tried... only 1 out of 3 tickets got a reply for the past 3 weeks...Only way to get proper attention is to create a support ticket.
Logically it should be no STP.all Mikrotik devices. all RSTP by default. no other switches on the network.
These clearly don't appear in mindset of @wfburton ...... topology solutions with path redundancies and MLAG.
Yeah, I agree with it. It's easier to spot something that causes a problem than something that is off and should be on. Not to mention that it usually works.I think that STP dilemma (to have it or not to have it) is somehow similar to the dilemma about default firewall action (allow everything not forbidden or block everything not allowed). In certain cases the
I'm not having any network issues. I just posted what I have configured on my network as a comparison for others to view. You mentioned station-pseudobridge. Can you elaborate on that?
Logically it should be no STP.
Why do you think that? If there are no bugs, then having xSTP enabled should not be a problem (but can potentially protect your network from errors in topology). So clearly if problem gets solved by disabling RSTP, then there's a bug (in this case in station-pseudobridge implementation).
With such a post like that. I guess it was easier for you to insult me then explain why I need MLAG.These clearly don't appear in mindset of @wfburton ...... topology solutions with path redundancies and MLAG.
Any ROS bridge acts as a "switch" AFAIK.I don't see having RSTP enabled if you don't have another switch with RSTP enabled.
I don't see having RSTP enabled if you don't have another switch with RSTP enabled. All you would have is a designated root.
PoE in or out? I'm powering mine from a CSS106-1G-4P-1S. It's working perfectly.I too upgraded our RB5009's but unfortunately there is a bug in PoE for which I had to install 7.16beta4 to fix it :-(
Please explain in detail what you mean...There was ROS version string in v6 visible from every menu. What happened to that in v7?
That can be argued regarding what to display before you are logged in.Oh in webfig? He did not say it was about webfig... in winbox the version is in the title bar for both v6 and v7.
In general it is not a good idea to reveal the version on a login page. Scanners and intruders use that to know if you are running a version for which they know how to break in to it.
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 7.15.2 (c) 1999-2024 https://www.mikrotik.com/
Press F1 for help
How many places you want?
You have PLENTY of dead unused space below the button "Make Supout.rif" in the left menu - same with the area where the hostname is being displayed at the top of the page.Why is it important?
Maybe somebody else has another "very important" variable they need everywhere. We can't cram everything in one screen.
Fugly workaround... at least its one click away that way since the naming of the page wont display due to too long string (so the mousehover trick doesnt work).Pro tip ...
1. Click "Design Skin"
2. Go to Resources
3. Click triangle button next to Version
4. Select "Add to Status page"
now any variable can be your home screen.
Pro tip ...
1. Click "Design Skin"
2. Go to Resources
3. Click triangle button next to Version
4. Select "Add to Status page"
Click on System -> Resources first. Then in the upper right click on the setting icon and then "Design Skin".Pro tip ...
1. Click "Design Skin"
2. Go to Resources
3. Click triangle button next to Version
4. Select "Add to Status page"
Looks promising though I'm unable to locate any tab/menu called "Resources" in Design Skin mode..
There is a scroll bar, scroll to the right
The important decision of course is "can we have settable options for the layout in webfig".Maybe somebody else has another "very important" variable they need everywhere. We can't cram everything in one screen.
Some of us manually manage hundreds to thousands of devices (radios, routers, switches), and being able to see at a glance (like we used to be able to on Webfig) is extremely helpful, especially when troubleshooting known issues on certain versions, or determining if certain features exist on a customer's device.Why is it important?
Maybe somebody else has another "very important" variable they need everywhere. We can't cram everything in one screen.
Here too.So after trying several different config changes and even PSU swap I couldn't solve the WIFI stability issue. As a last resort I downgraded to 7.14.3 and after 3 hours not a single stability issue - except for 3 SA query timeouts on IOT devices.
Definitely seems like there is a WIFI stability issue in 7.15.2.
/interface wifi channel
add disabled=no frequency=2412,2432,2452,2472 name=channel2 width=20mhz # same with 20/40, same with ch 1/6/9
add disabled=no frequency=5745,5660,5580,5500,5260 name=channel5 width=20/40mhz # same with 20/40/80, same if forced everything on ch 36
/interface wifi datapath
add disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes name=sec1
# cannot turn off FT, roaming is why we went with Mikrotik ROS v7, cap AX and new WiFi, so did not even try
# tried with and without WPA3 - same
/interface wifi steering
add disabled=no name=steering1 neighbor-group=dynamic-ssid-xxxxxxx rrm=yes wnm=yes
/interface wifi configuration
add channel=channel2 country=xxxx datapath=datapath1 disabled=no mode=ap name=cfg-ax-2ghz security=sec1 ssid=ssid steering=steering1 tx-power=16 # tried lower and higher - same
add channel=channel5 country=xxxx datapath=datapath1 disabled=no mode=ap name=cfg-ax-5ghz security=sec1 ssid=ssid steering=steering1 tx-power=19 # tried lower and higher - same
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg-ax-2ghz name-format=wifi-2Gax-%I supported-bands=2ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=cfg-ax-5ghz name-format=wifi-5Gax-%I supported-bands=5ghz-ax
13:10:35 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52
13:10:37 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51
13:10:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52
13:10:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -52
13:11:42 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -51
13:15:19 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -53
13:24:39 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -50
13:24:39 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -49
13:24:45 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -47
13:24:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -50
14:26:04 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -51
14:31:30 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51
14:39:25 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -58
14:39:28 wireless,info 00:45:xx:xx:xx:xx@wifi-2Gax-AP-2 connected, signal strength -43
15:03:34 wireless,info 00:45:xx:xx:xx:xx@wifi-2Gax-AP-2 disconnected, SA Query timeout, signal strength -64
15:03:37 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85
15:03:43 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86
15:03:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -78
15:03:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -76
15:03:50 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84
15:03:56 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86
15:03:56 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -73
15:03:57 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73
15:04:01 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84
15:04:07 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -87
15:04:07 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -77
15:04:09 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73
15:04:13 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85
15:04:20 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -87
15:04:20 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -76
15:04:22 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -79
15:04:26 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85
15:04:32 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86
15:04:32 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -77
15:04:34 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -75
15:04:38 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84
15:04:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -83
15:04:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -75
15:04:45 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -74
15:04:57 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -79
15:05:00 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73
15:05:04 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84
15:05:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, connection lost, signal strength -87
15:05:59 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 connected, signal strength -49
15:27:11 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 disconnected, SA Query timeout, signal strength -61
15:27:15 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -83
15:27:21 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86
15:27:21 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 connected, signal strength -61
15:27:23 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 disconnected, SA Query timeout, signal strength -61
15:27:27 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -83
15:27:33 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86
15:27:33 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51
16:06:03 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52
Here too.So after trying several different config changes and even PSU swap I couldn't solve the WIFI stability issue. As a last resort I downgraded to 7.14.3 and after 3 hours not a single stability issue - except for 3 SA query timeouts on IOT devices.
Definitely seems like there is a WIFI stability issue in 7.15.2.
On 7.15.x we get constant disconnects with some of the clients, still trying to find out exactly who's to blame: Mikrotik or device. Same on 7.16betaX. Even on 7.14.3, but not so often. Usually there are multiple "SA query timeouts" in quick succesion, it seems when they move around (there are 4 APs), but sometimes even when static. Tried every suggestion I could find here, no difference. Later this week I'll try to check the affected devices - Windows laptops (I'm far from the location usually).
Config (hide-sensitive, renamed SSID):This is log for affected client:Code: Select all/interface wifi channel add disabled=no frequency=2412,2432,2452,2472 name=channel2 width=20mhz # same with 20/40, same with ch 1/6/9 add disabled=no frequency=5745,5660,5580,5500,5260 name=channel5 width=20/40mhz # same with 20/40/80, same if forced everything on ch 36 /interface wifi datapath add disabled=no name=datapath1 /interface wifi security add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes name=sec1 # cannot turn off FT, roaming is why we went with Mikrotik ROS v7, cap AX and new WiFi, so did not even try # tried with and without WPA3 - same /interface wifi steering add disabled=no name=steering1 neighbor-group=dynamic-ssid-xxxxxxx rrm=yes wnm=yes /interface wifi configuration add channel=channel2 country=xxxx datapath=datapath1 disabled=no mode=ap name=cfg-ax-2ghz security=sec1 ssid=ssid steering=steering1 tx-power=16 # tried lower and higher - same add channel=channel5 country=xxxx datapath=datapath1 disabled=no mode=ap name=cfg-ax-5ghz security=sec1 ssid=ssid steering=steering1 tx-power=19 # tried lower and higher - same /interface wifi capsman set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge1 require-peer-certificate=no upgrade-policy=suggest-same-version /interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=cfg-ax-2ghz name-format=wifi-2Gax-%I supported-bands=2ghz-ax add action=create-dynamic-enabled disabled=no master-configuration=cfg-ax-5ghz name-format=wifi-5Gax-%I supported-bands=5ghz-ax
Code: Select all13:10:35 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52 13:10:37 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51 13:10:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52 13:10:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -52 13:11:42 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -51 13:15:19 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -53 13:24:39 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -50 13:24:39 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -49 13:24:45 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -47 13:24:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -50 14:26:04 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -51 14:31:30 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51 14:39:25 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -58 14:39:28 wireless,info 00:45:xx:xx:xx:xx@wifi-2Gax-AP-2 connected, signal strength -43 15:03:34 wireless,info 00:45:xx:xx:xx:xx@wifi-2Gax-AP-2 disconnected, SA Query timeout, signal strength -64 15:03:37 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85 15:03:43 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86 15:03:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -78 15:03:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -76 15:03:50 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84 15:03:56 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86 15:03:56 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -73 15:03:57 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73 15:04:01 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84 15:04:07 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -87 15:04:07 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -77 15:04:09 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73 15:04:13 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85 15:04:20 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -87 15:04:20 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -76 15:04:22 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -79 15:04:26 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -85 15:04:32 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86 15:04:32 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -77 15:04:34 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -75 15:04:38 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84 15:04:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -83 15:04:44 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -75 15:04:45 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -74 15:04:57 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -79 15:05:00 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, SA Query timeout, signal strength -73 15:05:04 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -84 15:05:46 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, connection lost, signal strength -87 15:05:59 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 connected, signal strength -49 15:27:11 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 disconnected, SA Query timeout, signal strength -61 15:27:15 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -83 15:27:21 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86 15:27:21 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 connected, signal strength -61 15:27:23 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-2 disconnected, SA Query timeout, signal strength -61 15:27:27 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 connected, signal strength -83 15:27:33 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gac-AP-4 disconnected, SA Query timeout, signal strength -86 15:27:33 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 connected, signal strength -51 16:06:03 wireless,info 00:45:xx:xx:xx:xx@wifi-5Gax-AP-3 disconnected, connection lost, signal strength -52
I wonder if anybody else tested the speed of ROS 7, and 7.15.2 in particular, compared to ROS 6 (say 6.49.13)?
I reinstalled on clean config and entered it back manually...How exactly did you move between ROS versions?
it seems that the "visible config" (as shown by export command) sometimes doesn't correspond with actual hardware config (it seems that there's binary configuration blob which rarely gets out of sync with visible config).I wonder if anybody else tested the speed of ROS 7, and 7.15.2 in particular, compared to ROS 6 (say 6.49.13)?
If it's possible that configuration changes get (due to bugs) out of sync, then it's possible to see the command you wrote to fail to do everything properly as well. Netinstall is so far the only thing 100% sure to wipe all the remnants of old config.To me it sounds really broken if you are forced to use netinstall (to completely wipe the storage) for every upgrade.
The newer Linux Kernel in v7 no longer has a routing cache. In some usecases it provided big performance gains.And lo and behold on the same 1Gbps internet link with same configuration, same and pretty simple firewall rules, v6 is 50% faster.
Yes, I have also WiFi problems on a hAP ax2 with version 7.15.x, many disconnects.Since applying v7.15.2 my wifi is very spotty and it was working quite fine before this upgrade. My wifi wave2 configurations were all wiped out.
When will this be fixed and there is definitely an issue with this release.
Has anyone had a similiar issue. I am currently using a hAP ax³.
Feedback would be welcomed.
Yes, since around 6.45 there have been occasional reports about problems with configuration getting broken. Frequency of such reports (as perceived by myself) greatly increased with introduction of v7 ... it seems to subside slightly, but it still very high ... It seems to correlate with the behaviour where device would enter boot-loop after simple ROS upgrade (back in time when I started to work with ROS, around 6.20, things were rock solid).Again, to me that sounds like something is REALLY broken with RouterOS if such steps are needed.
Nope ... it must be the German (Alzheimer) talking out of me ;-)Yes, all after some changes for protected-routerboot.... Remember?.....
Frequent disconnects from the different WiFi SSIDs that I have available using VLAN segration. This never used to happen on this magnitude before upgrading to ROS 7.15.2. I am hoping that ROS 7.16 which is in beta and testing fixing whatever issues 7.15.2. Other than I am planning on reloading a backup of the configurations that I have and wiping out the current one that I have installed. If you have any feedback on how to resolve that would be welcomed also. Thank you.Wifi is spotty, means what? Does it disconnect, or is slow? During this time, make a supout.rif file and send to support.
No Wifi problems for me on 2 setups using 7.15.2...RB2011+cAp ax and RB4011+cAP ax, with VLANs managed by CAPsMAN. So the issues you and others have must be HW or config specific.Frequent disconnects from the different WiFi SSIDs that I have available using VLAN segration.Wifi is spotty, means what? Does it disconnect, or is slow? During this time, make a supout.rif file and send to support.
I am deeply scared. How can this be possible...I'll refresh it for you briefly:
Sometimes the "BIOS" gets confused and formats the NAND/Flash thinking that the protected-routerboot device reset procedure has been activated,
causing the classic continuous boot-loop which can only be resolved by netinstalling the device.
The latest version, that I know of, that doesn't do this randomly is 6.44.6.
OK, so I did some more testing, and have some positive results:Here too.So after trying several different config changes and even PSU swap I couldn't solve the WIFI stability issue. As a last resort I downgraded to 7.14.3 and after 3 hours not a single stability issue - except for 3 SA query timeouts on IOT devices.
Definitely seems like there is a WIFI stability issue in 7.15.2.
On 7.15.x we get constant disconnects with some of the clients, still trying to find out exactly who's to blame: Mikrotik or device. Same on 7.16betaX. Even on 7.14.3, but not so often. Usually there are multiple "SA query timeouts" in quick succesion, it seems when they move around (there are 4 APs), but sometimes even when static. Tried every suggestion I could find here, no difference. Later this week I'll try to check the affected devices - Windows laptops (I'm far from the location usually).
...
/interface wifi security add authentication-types=wpa2-psk connect-priority=0/1 disabled=no encryption=ccmp ft=yes ft-preserve-vlanid=no name=sec1
To me "reset config leaves some stuff invisible" sounds like a ghost story, and I doubt you have any tangible proof of that, for example router is doing something it is not configured to do, except your gut filing I mean...If it's possible that configuration changes get (due to bugs) out of sync, then it's possible to see the command you wrote to fail to do everything properly as well. Netinstall is so far the only thing 100% sure to wipe all the remnants of old config.To me it sounds really broken if you are forced to use netinstall (to completely wipe the storage) for every upgrade.
And no, it's not necessary to to netinstall for every upgrade, it may be necessary between versions with funtamentally different config (v6 to v7 is one such candidate, v7.12 to 7.13 due to wifi changes not so much).
Anyone seeing excessive SQ Query timeouts should try to set "security.management-protection=disabled".disconnected, SA Query timeout, signal strength -61
LACPtoSwitches: bridge RX looped packet - MAC 18:fd:74:78:3b:9b -> ff:ff:ff:ff:ff:ff VID 80 ETHERTYPE 0x0800 IP UDP 0.0.0.0:68 -> 255.255.255.255:67
I think Mikrotik read an all Buffalo networks manual, and said... you know what would be cool?I agree with all your points: this is the kind of thing that should be in a different package. But just another day I found out WHO would want DLNA on routers (I was wandering about it too...)No, seriously - who asked for DLNA? Who needs DLNA in the main package of the router? Without ability to turn it off? Is it really that hard to keep routers for routing and separate packages for other unnecessary functions? Every single unnecessary feature increases attack surface and helps bad guys to get in. Every feature like this increases likelihood of another 0-day. Can we PLEASE put security and stability first?
Looks like there is a market for this, weird but true. It was on the last newsletter (#119). Page 4, if I'm not mistaken. It just should be on another package, not the main one.
After my move from 7.15 to 7.15.2
I keep seeingLACPtoSwitches is a bond to a set of MLAG switches.Code: Select allLACPtoSwitches: bridge RX looped packet - MAC 18:fd:74:78:3b:9b -> ff:ff:ff:ff:ff:ff VID 80 ETHERTYPE 0x0800 IP UDP 0.0.0.0:68 -> 255.255.255.255:67
18:fd:74:78:3b:9b is my eth6 on my Router (5009) which connects an CAPAX.
All devices are the same version.
I do see something funky on the capAX. Wireless is controlled by capsman on the 5009.
On the capax, bridge, ports, I see each of the dynamically created wireless interfaces, and it lists a PVID.
On the bridge > vlan tab, It lists each of those dynamically created wireless interfaces, with their vlan as tagged on the interface. As far as I remember, an interface cannot be tagged and untagged for the same vlan.
While I think what is meant is that this is untagged for each of these interfaces, both winbox and cli print shows the same information. Who knows if this is by design or by accident.
If we're talking about bridge with vlan-filtering=yes, then pvid setting only affects untagged frames on ingress. Untagging on egress is (strictly speaking) controlled by setting untagged property under /interface/bridge/vlan ... indeed setting pvid will automatically add a (dynamic) entry to that table, but if one explicitly sets same port as tagged there, then it's up to anyone's guess as to what happens (some MT dev might know the answer).That is PVID defines which VLAN untagged frame arrives should be considered to belong to. But also for which internal VLAN should the tag be removed when sent out on this interface.
I found it for you.Manual is still not updated.
Along with that for example Cisco IOS up to version 16.03.069 the default were short but since 16.0.6.x the default is long.The IEEE 802.1D specification assigns 16-bit (short) default port cost values to each port that is based on bandwidth. You can also manually assign port costs between 1-65535. The 16-bit values are only used for ports that have not been specifically configured for port cost.
802.1t assigns 32-bit (long) default port cost values to each port using a formula that is based on the port bandwidth. You can also manually assign port costs between 1-200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000.
What do you mean because i have the same error in openDNS script after update 7.15.2I was also getting the script error in my logs after upgrading to 7.15.
"executing script from scheduler failed, please check it manually"
The solution was to replace the word "system" with "routeros"
Old - :set Var1 "$[/system package get system version]"
New: :set Var1 "$[/system package get routeros version]"
Replace system by routeros, at least that is what I'm reading.What do you mean because i have the same error in openDNS script after update 7.15.2I was also getting the script error in my logs after upgrading to 7.15.
"executing script from scheduler failed, please check it manually"
The solution was to replace the word "system" with "routeros"
Old - :set Var1 "$[/system package get system version]"
New: :set Var1 "$[/system package get routeros version]"
The same error message does not necessarily mean the same error. This particular error message says that execution of the script has ended prematurely due to some error inside the script, but the change of the package name from system to routeros is just one of many possible errors in your script that may have been caused by a version change - some parameters may be renamed, some missing...What do you mean because i have the same error in openDNS script after update 7.15.2
I have isolated those two and aligned them, so hopefully you now see they are not the same.Code: Select allwifi2 (main 5ghz Interface): DC:2C:6E: XX:XX:D1 wifi3 (slave 2,4ghz 1): DE:2C:6E:XX:XX:D1 (SAME AS MAIN 5ghz Interface)
sry, ok i see the different :DI have isolated those two and aligned them, so hopefully you now see they are not the same.Code: Select allwifi2 (main 5ghz Interface): DC:2C:6E: XX:XX:D1 wifi3 (slave 2,4ghz 1): DE:2C:6E:XX:XX:D1 (SAME AS MAIN 5ghz Interface)
How can on the first part DE be the same as DC ???
sry, was a copy paste error, the macs are the same, one is with a space
Code: Select allwifi2 (main 5ghz Interface): DC:2C:6E:XX:XX:D1 wifi3 (slave 2,4ghz 1): DE:2C:6E:XX:XX:D1 (SAME AS MAIN 5ghz Interface)
https://en.wikipedia.org/wiki/MAC_addre ... 2FL_bit.29How can on the first part DE be the same as DC ???
I'll rephrase my remark...https://en.wikipedia.org/wiki/MAC_addre ... 2FL_bit.29
See the part on locally administered addresses...
Did the jump from 7.14.3 to 7.15.1 on a CCR1009 (Tile) Router, and had Winbox 3.40 unable to connect afterwards.
Clearing the WinBox cache did fix this problem.
For anyone else experiencing that issue.
What is a config-less modem interface? Is that a full LTE interface that has not yet been configured, or is it one of those USB sticks (e.g. the Huawei E3372) that are detected as "LTE" but then are merely a plain network interface without any LTE configuration?*) lte - fixed possible crash when enabling/disabling config-less modem interface;
/ipv6/firewall/mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
/ipv6/firewall/mangle
add action=change-mss chain=forward new-mss=1340 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
It's a known limitation of wifi-qcom-ac ... as opposed to wifi-qcom which does support VLANs in datapath.the wifi-qcom-ac does not support datapath with vlan
the case is on client side installation .@prawira why did you open a support ticket? feature request or what was your intention?
Also, first thing one would read **before** considering migrating from wireless to wifi-qcom-ac:vlan-id (none | integer 1..4095)
Default VLAN ID to assign to client devices connecting to this interface (only relevant to interfaces in AP mode).
When a client is assigned a VLAN ID, traffic coming from the client is automatically tagged with the ID and only packets tagged with with this ID are forwarded to the client.
Default: none
802.11ac chipsets do not support this type of VLAN tagging , but they can be configured as VLAN access ports in bridge settings.
So all the info is there. But seems like documentation is not even read by trainers.Lost features
The following notable features are lost when running 802.11ac products with drivers that are compatible with the 'wifi' management interface
Nstreme and Nv2 wireless protocols
VLAN configuration in the wireless settings (Per-interface VLANs can be configured in bridge settings)
Compatibility with station-bridging as implemented in the 'wireless' package, station-bridge only works between the same type of drivers. Wifi to Wifi, and Wireless to Wireless.
No, the upgrade did not cause the problem. After upgrading you end up with the old wireless driver.it was running fine on 6.49.10 and got problem as soon as upgrade to 7.15.2
As this might not be strictly on this topic here I do a "shameless plug" to new thread on this issue -> viewtopic.php?t=209582MSS of 1432 is consistent with an MTU of 1492, the default value for PPPoE without RFC4638.
When your client system already knows the MTU (it can receive that information via ND) then what you observe is correct.
Now you write that in other places you see an MTU of 1472, that is an unusual value for native IPv6, but it can be found when IPv6 is tunneled in IPv4 over a PPPoE connection.
You wrote "I got IPv6 on my connection recently", is that native IPv6 from your provider or did you setup some tunnel?
In that case, you have the MTU setting wrong at some point.
I doubt there is much more Mikrotik can do with wifi-qcom-ac, it is almost 1.2MB bigger than legacy wireless which is pretty much on a 16MB device leaving only a about 250kB free space which makes adding some additional features pretty difficult IMHO, also it is much more memory hungry which often leads to OOM conditions and kernel restarts so although you may try it with ARM ac devices it seems so far more of a test/beta development and not something for production use unless you really need new CAPsMAN or WPA3 in which case you must create a bridge for every vlan, create vlan interfaces, and add that vlan and wifi to the bridge instead of using tags defined in wireless menu...the case is on client side installation .@prawira why did you open a support ticket? feature request or what was your intention?
it was running fine on 6.49.10 and got problem as soon as upgrade to 7.15.2
i spend hours to find out that it's really wifi-qcom-ac problem and it works fine as soon as it repalce with with wireless.npk / legacy driver
so i create ticket to get an attention of mikrotik support and the developers.
leaving only a about 250kB free space
You may both be right as the configuration can take hundreds of kilobytes of flash, so the difference is easily explainable this way. I've learned that the hard way, losing about three weeks worth of configuration changes after a reboot.You have at least 650-700kb free space on 7.15.x with wifi-qcom-ac package.
So you don't backup your router(s) regularly? I backup all 300+ Mikrotik devices I manage automatically every 6 hours and keep old backups essentially forever (well, at least 3 years, it's not taking too much space when compressed), just in case... Saved my *ss a few times :)... I've learned that the hard way, losing about three weeks worth of configuration changes after a reboot.
i had the same issue and solved it writing in scheduler /system script run yourscriptname; instead scriptname.Also see this error!Script execution seems not fixed.
After update to 7.15, red warnings started in sys log with: "Executing script from scheduler failed, please check it manually"
Scrips seems to be working, but this warning is present.
All scripts with :global or other definitions generate error.
Many global functions work for me, only scripts that somehow use toip do not work.
Actually I checked, Mikrotik managed to significantly reduce package size in ROS 7.15.3...leaving only a about 250kB free spaceYou may both be right as the configuration can take hundreds of kilobytes of flash, so the difference is easily explainable this way. I've learned that the hard way, losing about three weeks worth of configuration changes after a reboot.You have at least 650-700kb free space on 7.15.x with wifi-qcom-ac package.
system/package/print
Columns: NAME, VERSION, BUILD-TIME, SIZE
# NAME VERSION BUILD-TIME SIZE
0 wifi-qcom-ac 7.14.3 2024-04-17 12:47:58 2916.1KiB
1 routeros 7.14.3 2024-04-17 12:47:58 11.2MiB
system/package/print
Columns: NAME, VERSION, BUILD-TIME, SIZE
# NAME VERSION BUILD-TIME SIZE
0 wifi-qcom-ac 7.15.3 2024-07-24 10:39:01 2676.1KiB
1 routeros 7.15.3 2024-07-24 10:39:01 11.0MiB
Well, it seems impossible for them to keep a clear table of health measurement methods for all their hardware, and to make sure that on any change it will remain working on all of it.Since 7.15.x the problem with 'fans entered state FAIL' has come back on my CRS317, despite the fans running fine and me doing the '/system/health/settings/detect-fans' dance. this was fine for a couple of versions now *sigh*
I am also seeing a lot of disconnections between 2x C52iG-5HaxD2HaxD when using VPLS/MPLS tunnels while on 7.15.3We had to disable MPLS on all our 2216 because of substantial packet drops on 7.14.3. The VPLS tunnels were running but unusable due to packet loss, which was also present in packets routed on the core network. We are still investigating, cause the issue is present only on 2216. There has been no reply from support jet.I try today v7.15 on 3 different 4011.
VPLS vs 7.14 2216 doesn't go running.
After dowgrade it to 7.14 interface goes up with no configuration change.
Anyone noticed this issue?
Hello, but when you said hAP lite, you mean RB941-2nD (RAM 32 MB, Storage 16 MB)? So there was no problems with the router constantly rebooting like on some first versions of ROS7? I am trying to understand if ROS 7 will work on my hap lite with configurations of: DHCP server, Wi-Fi for wireless clients (mobiles, tables - all together 8-9 devices), some firewall rules, and most important WireGuard (for routing some traffic in VPN)? Like how to even upgrade if with so low memory.There seems to be stability issues with Chateau 5G after modem firmware and ROS upgrade.
After upgrading the modem firmware to the latest version along with upgrading to ROS v7.15 the modem has become very unstable with either randomly resetting itself with error “lte1 mbim: modem's control interface have reset (4)” in the logs or with completely getting into an invalid state with repeated “lte1: no response for: AT E0 V1” errors in the log and needing to restart the whole device to recover itself.
[SUP-154766]
On every other device that I've installed v7.15 (CCR2116, CCR2004, CCR1036, CRS326, CRS318, RB5009, RB4011, RB3011, hAP Lite, CHR), I've got no issues whatsoever.
I myself was surprised by the fact v7.15.3 on the page:hAP lite (RB941-2nD)
The last thing I tried was versions 7.11.x and 7.13.5
The configuration is simple (+ kid-control, - wireguard) and the device is ~the same.
WiFi worked stable and more powerful.
Currently rolled back to 6.49.15, but I don't like the CPU load.