Community discussions

MikroTik App
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 336
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

v7.16.2 [stable] is released!

Tue Sep 24, 2024 9:38 am

RouterOS version 7.16 have been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.16.2 (2024-Nov-26 14:09):

*) certificate - do not download CRL if there is not enough free RAM;
*) certificate - fixed handling of capsman-cap certificates (introduced in v7.16);
*) dhcpv4-server/relay - added additional error messages for DHCP servers and relays;
*) dns - fixed lookup order for static DNS entries (introduced in v7.16.1);
*) ethernet - improved linking after reboot for hAP ax lite devices ("/system routerboard upgrade" required);
*) gps - changed default GPS antenna setting for LtAP mini with internal LTE/GPS combo antenna;
*) leds - fixed bogus argument for "leds" property (introduced in v7.16);
*) leds - fixed PoE-in LEDs for CRS318-1Fi-15Fr-2S device;
*) modem - KNOT BG77 modem, improved handling of modem unexpected restarts;
*) route - fixed possible issue with inactive routes after reboot (introduced in v7.16);
*) routerboot - improved stability for IPQ8072 and IPQ6010 when flash-boot is used ("/system routerboard upgrade" required);

What's new in 7.16.1 (2024-Oct-10 17:03):

*) defconf - changed wireless installation from "indoor" to "any";
*) defconf - disable 5GHz secondary channel on RB4011;
*) dns - do not look up local cache when executing ":resolve" command with specified "server" parameter (introduced in v7.16);
*) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices ("/system routerboard upgrade" required);

What's new in 7.16 (2024-Sep-20 16:00):

*) 6to4 - fixed 6to4 tunnel LL address generation after system reboot;
*) 6to4 - improved system stability when using 6to4 tunnel without specified remote-address;
*) 6to4 - limit keepalive timeout maximum value;
*) address - added "S" flag for addresses that belong to a slave interface;
*) arm64 - fixed "disable-running-check" for ARM64 UEFI;
*) arm64 - increased reserved storage space for bootloader;
*) arm64/x86 - added rtl8111/8168/8411 firmware;
*) arp - fixed possible issue with invalid entries;
*) bgp - fixed BGP sessions missing vpnv6 afi;
*) bgp - fixed cluster-list and originator-id;
*) bgp - fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15);
*) bgp - fixed minor logging typo;
*) bgp - fixed vpnv6 safi;
*) bgp - small logging improvements;
*) bridge - added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge;
*) bridge - added forward-reserved-addresses property which controls forwarding of MAC 01:80:C2:00:00:0x range (separated from "protocol-mode=none" functionality, disabled by default after upgrade);
*) bridge - added L2 MDB support for IGMP snooping;
*) bridge - added max-learned-entries property for bridge;
*) bridge - added message about who created a dynamic VLAN entry;
*) bridge - added MVRP support for VLANs assigned to bridge;
*) bridge - do not allow duplicate ports;
*) bridge - fixed BPDU address when using "ether-type=0x88a8" configuration;
*) bridge - fixed MVRP leave;
*) bridge - fixed port "point-to-point" status after first link change;
*) bridge - fixed typo in filter and NAT error message;
*) bridge - improved system stability when removing MLAG configuration;
*) bridge - show invalid flag for ports that fails to be added to bridge (e.g. maximum port limit of 1024 is reached);
*) bth - improved stability on system time change;
*) certificate - added no-key-export parameter for import;
*) certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
*) certificate - improved DNS challenge error reporting for Let's Encrypt;
*) certificate - improved RSA key signature processing speed;
*) certificate - show validity beyond year 2038;
*) chr - added support for licensing over IPv6 network;
*) chr - fixed incorrect disk size for ARM64;
*) console - added "about" filters for "find" and "print where" commands;
*) console - added "verbose=progress" mode for import status updates, and verbose output only on failures;
*) console - added additional byte-array option to :convert command;
*) console - added dry-run parameter to simulate import of files and find syntax errors without making configuration changes (verbose only);
*) console - added limits for dst-start and dst-end clock properties;
*) console - added lock screen via :lock command;
*) console - added uppercase and lowercase transform modes to :convert command;
*) console - disallow ping command with empty address;
*) console - display hint when requesting specific argument syntax;
*) console - do not show default boot-os setting in export;
*) console - fixed an issue where certain MAC address can be interpreted as time value;
*) console - fixed negative values for gmt-offset clock property;
*) console - fixed output of ping command in certain cases;
*) console - fixed typo in firewall error message;
*) console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format;
*) console - improved large import file handling, error detection and stability;
*) console - improved stability when pasting a large input;
*) console - improved stability when removing script;
*) console - increased default width for bitrate type of columns;
*) console - removed follow-strict parameter;
*) console - show rest-api name for active user connections;
*) container - clear VETH address on container exit and mark interface as running only when VETH is in use;
*) defconf - configure the default-route property for PPP clients only on devices with a built-in modem;
*) detnet - properly detect "Internet" status when multiple detnet instances preset in network;
*) dhcp - added comment property for matchers, options and option sets;
*) dhcp - improved DHCP IPv4 and IPv6 client/relay/server underlying interface state change handling;
*) dhcp - improved insert-queue-before, parent-queue and allow-dual-stack-queue behavior;
*) dhcpv4-client - execute script on DNS server or gateway address change;
*) dhcpv4-server - added "class-id" parameter for DHCP server leases;
*) dhcpv4-server - added matcher ability to match substring;
*) dhcpv4-server - added name for "User-Class" option (77), "Authentication" option (90), "SIP-Servers-DHCP-Option" option (120) and "Unassigned" option (163-174) in debug logs;
*) dhcpv4-server - fixed setting and getting "next-server" property;
*) dhcpv4-server - increased lease offer timeout to 120 seconds;
*) dhcpv4-server - remove corresponding dynamic leases if their address-pool gets removed;
*) dhcpv4-server - show active-server and host-name in print active command;
*) dhcpv6-client - do not add default gateway twice when both prefix and address is acquired;
*) dhcpv6-client - fixed T1, T2, valid-lifetime and preferred-lifetime compliance with RFC8415 by using value 0;
*) dhcpv6-client - pause client and remove dynamically installed objects while it becomes invalid;
*) dhcpv6-client - release client on failed renew attempt;
*) dhcpv6-client - update gateway address for default route on renew;
*) dhcpv6-server - improved system stability;
*) discovery - added discover-interval setting;
*) discovery - added LLDP Port VLAN ID, Port And Protocol VLAN ID, VLAN Name TLVs support;
*) discovery - added LLDP-MED timeout;
*) discovery - changed default discover-interval setting from 60s to 30s;
*) discovery - set unknown bit for any unspecified link type in MAC/PHY TLV;
*) disk - added "wipe-quick" file-system option to format-drive command (CLI only);
*) disk - added log message when disks get added or removed;
*) disk - added simple test command to test device and filesystem speeds (CLI only);
*) disk - improved system stability;
*) disk - remove dummy "slot1" entries on CHR;
*) dns - added support for DoH with adlist;
*) dns - added support for DoH with static FWD entries;
*) dns - added support for mDNS proxy;
*) dns - improved imported adlist parsing;
*) dns - refactored adlist service internal processes and improved logging;
*) dns - refactored DNS service internal processes;
*) dns - show static entry type "A" field in console;
*) dude - fixed map element RouterOS package upgrade functionality;
*) ethernet - fixed port speed downshift functionality for CRS354 devices;
*) ethernet - improved system stability for Alpine CPUs when dealing with unexpected non-UDP/TCP packet transmit;
*) fetch - handle HTTP 401 status correctly;
*) fetch - improved logging;
*) file - renamed "creation-time" to "last-modified";
*) filesystem - improved boot speed after device is rebooted without proper shutdown;
*) filesystem - refactored internal processes to minimize sector writes;
*) firewall - added message when interface belonging to VRF is added in filter rules;
*) firewall - fixed an issue with unsetting src-address-type;
*) firewall - fixed IPv6 "nth" matcher showing up twice in help;
*) firewall - fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command;
*) firewall - removed unnecessary TLS host matcher from NAT tables;
*) health - fixed board-temperature for KNOT device (introduced in v7.15);
*) health - fixed bogus CPU temperature spikes for CCR2216 device;
*) health - fixed missing health for CRS112-8G-4S device (introduced in v7.15);
*) health - improved voltage measurements for RB912UAG-6HPnD and RB912UAG-5HPnD devices;
*) health - removed unnecessary health settings for RB921 and RB922 devices;
*) health - upgraded fan controller firmware to latest version;
*) hotspot - properly escape all reserved URI characters;
*) ike1 - removed unsupported NAT-D drafts with invalid payload numbers;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;
*) install - allow to save old configuration during cdrom install;
*) install - fixed ARM64 cdrom install (introduced in v7.15);
*) iot - added an option to delete default LoRa servers and a button to recover them if needed;
*) iot - added an option to log LoRa filtered packets;
*) iot - added LoRa NetID and JoinEUI filtering for LNS and CUPS connections;
*) iot - added LoRa option to filter out proprietary packets;
*) iot - fixed incorrect LoRa filter export behavior;
*) iot - fixed LoRa inability to set SSL for LoRa servers via command line;
*) iot - fixed LoRa inability to use variables for GPS-spoofing setting;
*) ip - added max-sessions property for services;
*) ip/ipv6 - added multipath hash policy settings;
*) ipip6 - make IPv6 LL address random;
*) ipsec - changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
*) ipsec - improved installed SA statistics update;
*) ipv6 - added "d" deprecated flag for expired IPv6 SLAAC addresses;
*) ipv6 - allow to properly disable address when it is generated from pool;
*) ipv6 - allow to properly move IPv6 address from slave interface to a bridge interface;
*) ipv6 - do not allow adding address with invalid prefix when using pool;
*) ipv6 - do not allow to manually delete LL address;
*) ipv6 - fixed "no-dad" functionality;
*) ipv6 - fixed dynamic duplicate address showing when static address is already configured;
*) ipv6 - fixed pool allocated addresses missing after reboot;
*) ipv6 - fixed SLAAC address dynamic appearance;
*) ipv6 - improved handling of IPv6 address information;
*) ipv6 - improved LL address generation process;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) ipv6 - respect APN settings for "add-default-route" and "use-peer-dns" also when "accept-router-advertisements=yes";
*) ipv6 - warn user that reboot is required in order to properly apply accept-router-advertisements changes;
*) isis - fixed filter-chain and filter-select settings;
*) isis - install IPv6 link-local gateways correctly;
*) l2tp - improved system stability;
*) l3hw - added per-VLAN packet and byte counters to compatible switches;
*) l3hw - disable L3HW on bonding modes that do not support it;
*) log - added basic validation for "disk-file-name" property;
*) lte - added "sms-protocol" setting in "/interface lte" menu (CLI only);
*) lte - fixed "at-chat" for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) lte - fixed cases where LTE interface would take long time to become ready after bootup for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed cases where modem could be handled by multiple dialer instances;
*) lte - fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed possible crash when enabling/disabling config-less modem interface;
*) lte - fixed R11e-LTE no traffic flow when modem with older firmware version is used;
*) lte - fixed support for Fibocom modem fm150-na;
*) lte - improved modem AT/modem port open;
*) lte - improvements to "/interface/lte/show-capabilities" command;
*) media - improved file indexing for DLNA;
*) modem - added authentication functionality to EC200A;
*) modem - fixed PPP link recovery when port unexpectedly removed and returned due to modem firmware crash;
*) modem - fixed unresponsive PPP link recovery when TX bandwidth was exceeding link capacity;
*) modem - improved support for KNOT BG77 modem firmware update;
*) mqtt - broker password is no longer exported unless "show-sensitive" flag is used;
*) netinstall-cli - added check for device and package architectures match;
*) netinstall-cli - added support for multiple device install;
*) netinstall-cli - allow mixed package architectures;
*) netwatch - added DNS probe;
*) netwatch - added ttl and accept-icmp-time-exceeded properties for ICMP probe;
*) netwatch - use time format according to ISO standard;
*) ospf - improved system stability during LSA monitoring;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) poe-out - fixed low-voltage detection while PD is connected for KNOT device;
*) poe-out - fixed silent firmware upgrade fail on CRS112-8P-4S device (introduced in v7.15);
*) poe-out - upgraded firmware for SAMD20 PSE (AF/AT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added IPv6 support for the "remote-access" feature;
*) ppp - added SIM hot-plug enable command to default init-string for KNOT and CME gateway;
*) ppp - added support for IPv6-only domain names to l2tp-client, ovpn-client and sstp-client;
*) ppp - automatically generate IPv6 firewall rules when filter-id is specified;
*) ppp - fixed dynamic queue default name (introduced in v7.15);
*) ppp - fixed PPP info parser showing error for BG77 modem running on KNOT AUX AT/modem port;
*) profiler - classify wifi processing as "wireless";
*) ptp - added PTP support for CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ, CRS518-16XS-2XQ, CRS504-4XQ, CRS510-8XS-2XQ devices;
*) qos-hw - added H and I flags to queues;
*) qos-hw - added new monitoring properties for ports and global QoS stats;
*) qos-hw - added queue-buffers property to tx-manager;
*) qos-hw - allow port print stats, usage and pfc while QoS is disabled;
*) qos-hw - allow to set queue-buffers in bytes, percent or auto;
*) qos-hw - enabling ECN forces WRED (unless share is disabled);
*) qos-hw - fixed egress-rate limit validation;
*) qos-hw - fixed global buffer limits for 98DX8212 and 98DX8332 switches;
*) qos-hw - fixed WRED thresholds;
*) qos-hw - improved behavior when changing ports tx-manger;
*) qos-hw - limit WRED to queues with enabled shared buffers;
*) queue - improved system stability;
*) quickset - removed Basic AP mode;
*) rose-storage - fixed "/file sysnc status" parameter to be read-only;
*) rose-storage - moved "/rsync-daemon" to "/file rsync-daemon;
*) rose-storage - renamed sync "remote-addr" property to "remote-address";
*) route - added ability to redistribute isis routes;
*) route - fixed incorrectly handled route distinguisher and route targets (introduced in v7.15);
*) route - fixed memory leak (introduced in v7.15);
*) route - fixed some missing route parameters when printing (introduced in v7.15);
*) route - improved route attribute handling (may increase memory usage);
*) route - improved routing table update performance;
*) route - improved stability when getting entries from large routing tables;
*) route - place static route in the correct VRF when vrf-interface parameter is used;
*) route - rename route type from is-is to isis;
*) routerboard - improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required);
*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
*) routerboot - improved boot process ("/system routerboard upgrade" required);
*) rpki - fixed preference sorting;
*) sfp - fixed calculated link length based on EEPROM in certain cases;
*) sfp - fixed missing traffic after reboot with S-RJ01 module running at 10/100 Mbps rate on CCR2004-16G-2S+ device;
*) sfp - fixed SFP28 interface with fec74 mode on CCR2004-1G-2XS-PCIe device;
*) sfp - fixed SFP28 jumbo frame processing on CCR2004-1G-2XS-PCIe device;
*) sms - added polling setting so that RouterOS itself checks SMS instead of relying on URC messages;
*) snmp - added support for KNOT BG77 modem cellular signal info;
*) snmp - fixed LAST-UPDATED format in MIKROTIK-MIB;
*) ssh - fixed SSH cryptographic accelerator selection for GCM cipher (introduced in v7.14);
*) ssh - fixed unsupported user SSH public key import (introduced in v7.15);
*) ssh - improved system stability when SSH tries to bind to non-existing interface;
*) supout - added detnet section;
*) supout - added monitor command for all wifi interfaces;
*) supout - added netwatch section;
*) supout - added user SSH keys section;
*) supout - increased console output width;
*) supout - limit address-list and connection tracking entries to 999 in supout.rif;
*) supout - rename "store" section to "disk";
*) switch - fixed an issue where half-duplex links could occupy Tx resources for 98DX8xxx, 98DX4xxx, 98DX325x switch chips;
*) switch - fixed an issue with Ethernet port group hang for CRS354 devices;
*) switch - fixed Ethernet interface counter 32bit overflow for CRS354 devices;
*) switch - fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15);
*) switch - improved switch reset;
*) switch - improved system stability on CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) system - added "clock" logging topic for time change related messages;
*) system - added critical log message when not enough space to store new configuration;
*) system - added log message if device failed to reboot gracefully;
*) system - added more details to user initiated reboot (reset, upgrade, downgrade);
*) system - added support for upgrade over IPv6 network;
*) system - do not cancel package upgrade if another architecture packages found on the router;
*) system - do not download packages scheduled for uninstall;
*) system - do not start IPsec and certificate processes when not necessary;
*) system - fixed "free disk space" error message on system upgrade/downgrade;
*) system - fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15);
*) system - fixed empty logs after reboot in certain cases;
*) system - improved internal system services messaging;
*) system - improved performance for TCP input;
*) system - improved reporting of total memory size;
*) system - improved system stability for CCR2004-1G-2XS-PCIe device;
*) system - improved system stability for RBSXTsq5nD and RBLDF-5nD;
*) system - improved system stability;
*) system - improved watchdog and kernel panic reporting;
*) system - reduced RAM usage for ARM64 devices;
*) system - set flash-boot mode as "boot-device" after system reset initiated by reset button ("/system routerboard upgrade" required);
*) system - set flash-boot mode as "boot-device" after system reset initiated from software;
*) traceroute - do not stop traceroute after 5 consecutive unreachable hops;
*) tunnel - allow specifying IPv6 LL address as "remote-address" for EoIPv6, GRE6 and IPIP6 tunnels;
*) user - added inactivity timeout for non-GUI sessions;
*) user-manager - updated logo;
*) vxlan - added comment support to VTEPs;
*) vxlan - prevent creating multiple VTEPs with same IP/port combination;
*) webfig - allow to enter time that exceeds 23:59:59;
*) webfig - correctly display default value for number type;
*) webfig - enabled hotlock mode for terminal;
*) webfig - fixed an issue where wrong menu title was shown;
*) webfig - fixed issue with incorrectly applying optional fields;
*) webfig - fixed sorting by datetime;
*) webfig - use "any" argument by default for Torch "Port" property;
*) wifi - added "slave-name-format";
*) wifi - added interface provisioning logs;
*) wifi - adjusted virtual interface naming when provisioning local radios;
*) wifi - do not allow frequency-scan on virtual interfaces;
*) wifi - do not unset radio-mac and master-interface properties on reset;
*) wifi - enable creating virtual wifi interfaces using "copy-from" setting;
*) wifi - fixed packet receive when having multiple station interfaces;
*) wifi - fixed signal strength reporting during association (introduced in v7.15);
*) wifi - fixed typo in log message;
*) wifi - improve regulatory compliance for Chateau ax devices;
*) wifi - improved interface stability when receiving invalid FT authentication frames;
*) wifi - improved system stability after interface hang;
*) wifi - improved WPA3 PMKSA handling when access-lists with custom passphrases are used;
*) wifi - make sniffer tool return an error when attempting to sniff with a radio which does not support it;
*) wifi - send channel switch announcements to clients when switching channels at requested re-select intervals;
*) wifi - use name-format also for local interfaces when provisioning;
*) wifi-qcom - add spectral-scan and spectral-history tools (CLI only);
*) wifi-qcom-ac - count dropped packets to "tx-drop" instead of "tx-error";
*) wifi-qcom-ac - improved memory allocating process;
*) winbox - added "Import Router ID" parameter under "Routing/BGP/VPN" menu;
*) winbox - added "Switch/QoS" menu for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) winbox - added "Trace" column under "System/History" menu;
*) winbox - added configuration settings for ROSE;
*) winbox - added extra "File System" under "Format Drive" button;
*) winbox - added missing "Default Name" property for interfaces;
*) winbox - do not show "Last Logged In" and "Expire Password" when creating new system user;
*) winbox - fixed "Authority" property under "System/Certificates/Requests" menu;
*) winbox - fixed duplicated "MVRP Attributes" table;
*) winbox - fixed false invalid flag under "System/Ports/Remote Access" menu;
*) winbox - fixed issue with skin file appearing as unknown in user group menu (introduced in v7.15);
*) winbox - fixed signal bar "excellent" tooltip;
*) winbox - fixed Switch menu for RB1100AHx4 device;
*) winbox - improved QR code display;
*) winbox - moved DHCPv6 Server "Allow Dual Stack Queue" property from General to Queues tab;
*) winbox - moved Switch menu tabs to individual menus;
*) winbox - properly display available address-pools for DHCPv6 server configuration;
*) winbox - removed deprecated x86/CHR specific settings under "System/Resources" menu;
*) winbox - removed spare argument for "PFS Group" property under "IP/IPsec/Proposals" menu;
*) winbox - renamed configurable wifi property "Tx Power" to "Max Tx Power";
*) winbox - separated different Watchdog settings into logical tabs;
*) winbox - use CAP serial number with "Set Identity" button under "WiFi/Remote CAP" menu;
*) winbox - use correct default value for "Partition Offset" property;
*) winbox/webfig - fixed skins (introduced in v7.15);
*) wireless - allow unsetting signal-range and ssid-regext properties for capsman access-list;
*) wireless - fixed dynamic VLAN assignments for vlan-filtering bridge in certain cases;
*) wireless - limit antenna-gain property to 100;
*) www - log out inactive REST API users;
*) x86 - added missing PCI ids for bnx2x driver;
*) x86 - added RTL8156 driver support;
*) x86 - fixed missing serial ports with MCS9900;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 9:59 am

:) Wow, thanks a lot for the effort Mikrotik team!!
 
User avatar
inteq
Member
Member
Posts: 429
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:07 am

All my static leases for other Mikrotik devices got messed up after update to 7.16. Switches and APs .Looks like the MAC on the bridges got reset somehow.
Read again the whole patch note and could not find anything about this. Then again, I just woke up so I could be a bit slow.
If you update remotely and you have lots of other MIkrotik devices behind the router, double check after the update that the leases are as you expect.
 
usx
newbie
Posts: 26
Joined: Sun Oct 27, 2013 7:30 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:12 am

That is a terrifyingly large amount of changes. I'm not feeling good about this update.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:17 am

There has been a rather large period of beta and rc testing.

For some there are too much changes.
For some there are never enough changes.

It's never good for everyone everytime.
 
User avatar
mantouboji
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Aug 01, 2022 2:21 pm
Location: Shanghai

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:42 am

Wonderful

RB4011. OK
AX3. OK
J1900 box. OK
Last edited by mantouboji on Tue Sep 24, 2024 4:13 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:46 am

That is a terrifyingly large amount of changes.
There has been releases with more changes :)
train	count
6.43	459
6.42	433
6.47	416
6.46	414
6.39	399
7.2	392
6.40	376
6.38	365
6.44	361
6.48	357
6.45	351
7.16	322
6.41	287
7.15	276
7.14	267
 
erlinden
Forum Guru
Forum Guru
Posts: 2571
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:47 am

All my static leases for other Mikrotik devices got messed up after update to 7.16.
Have you set fixed Admin MAC Address on the bridge for these devices?

For me, upgrade went well on all devices (coming from either 7.16 RC5 or 7.15.3):
RB4011
hEX S
hAP AX 2
cAP AX
cAP XL ac
wAP ac
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:57 am

With all those change, is like a long-term release........



Bravi, ottimo lavoro.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:17 am

👏🥂🥳
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:28 am

*) console - fixed negative values for gmt-offset clock property;

My scripts are already ready ;)
:global intGoff [:tonum [get gmt-offset]]
:if ($intGoff > 0x7FFFFFFF) do={:set intGoff ($intGoff - 0x100000000)}
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:30 am

*) dhcpv4-server - added matcher ability to match substring;
It would be even nicer when the matcher could match other DHCP request fields than options...
E.g. the requester's MAC address. I would like to put IEEE-assigned MAC addresses in a different pool than Locally assigned ("random") MAC addresses, for example.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:30 am

With all those change, is like a long-term release........
MT has not released a Long Term version in the 7 series yet.
And if you look back in history, you will see the how many version was released before a long term was released.
Here is all the first version of Long-Term releases:

version
6.30.1
6.32.3
6.34.5
6.37.4
6.38.7
6.39.3
6.40.6
6.42.9
6.43.13
6.44.5
6.45.8
6.46.7
6.47.9
6.48.5
6.49.7


Example. 6.32 6,32.1 and 6.32.2 was stable version then 6.33.3 a long-term version
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:31 am

*) ip - added max-sessions property for services;
Missing (CLI only) on changelog...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:35 am

Update sucessfully one CCR2116-12G-4S+ [from 7.15.3] with 2 BGP full table IPv4 and 1 BGP IPv6 full table.
Apparently work.
Last edited by rextended on Tue Sep 24, 2024 12:08 pm, edited 2 times in total.
 
User avatar
inteq
Member
Member
Posts: 429
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:35 am

All my static leases for other Mikrotik devices got messed up after update to 7.16.
Have you set fixed Admin MAC Address on the bridge for these devices?

For me, upgrade went well on all devices (coming from either 7.16 RC5 or 7.15.3):
RB4011
hEX S
hAP AX 2
cAP AX
cAP XL ac
wAP ac
Have admin MAC only on router.
On switches and APs I don't have admin MAC set.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:39 am

So, is all "random"...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:46 am

All my static leases for other Mikrotik devices got messed up after update to 7.16. Switches and APs .Looks like the MAC on the bridges got reset somehow.
I don't see that issue here. MAC on bridges is still the Admin MAC that was set all the time (I think defconf now sets it as well).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:05 pm

Until someone change the config, or if is set at the start..............
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:06 pm

@inteq: Is better to use another topic for probably unrelated problems.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:07 pm

CHR x86_64 (ESXi 6.5) updated without problem [from 7.15.3], DHCP work as expected.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:12 pm

one HAP AX2 updated well but another is in loop...it is restarting...it is as capsman AP and in capsmanager is this message: disconnected RAP AX2 UP@18:FD:74:BB:A9:0C%*8, connection interrupted
then I get ip adress again and again disconnected RAP AX2 UP@18:FD:74:BB:A9:0C%*8, connection interrupted
power off and on did not help...I will have to go there...
 
fragtion
Member Candidate
Member Candidate
Posts: 269
Joined: Fri Nov 13, 2009 10:08 pm
Location: Cape Town, South Africa

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:14 pm

Wireless dissociation issue affecting AX devices fixed? I see no mention of it... but surely by now?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:15 pm

If it's not written, it's not written, so it wasn't done.
By what logic should it have been done, if it's not written?
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:21 pm

Sometimes we see e.g. a 3 lines changelog in some minor release. But that release introduces a bug in an area, completely different/unrelated to any changelog item.

So when bugs can sneak into, people assume, fixes can sneak without mentioning into releases as well.

And I sometimes see new CLI options/arguments or even commands in new releases that were not mentioned with a single word in changelog.
Last edited by infabo on Tue Sep 24, 2024 12:28 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:26 pm

When I wanted to juggle the wlan names in my 4011 (apparently the defaults have swapped) I noticed an issue with WDS.
I don't use WDS, but there are two fields "WDS default cost" and "WDS cost range" that may be new. In the physical interfaces they were set to 100 and 50-150 respectively.
But I also have two "virtual" interfaces below them, which were disabled during the upgrade, and these values were not set.
When I tried to rename them to align with the wlan1/wlan2 swap, there is an error message about invalid WDS cost range. I think it should have been set to 50-150 as well.
Also, when I now add a new virtual wireless interface, it has an invalid WDS cost range as well and cannot be saved until that is corrected.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:31 pm

I noticed an issue with WDS. there are two fields "WDS default cost" and "WDS cost range" that may be new
they have always been there since 6.x


Yes, in previous versions they were 0 when created (and I put them in the default ones).
Evidently they added the cost control in the real interface, but recycling the interface also for the "fake" now gives an error uselessly.
 
kowal
newbie
Posts: 30
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:39 pm

For me upgrade went well on my setup:
RB5009 (non-poe);
CRS310-8G+2S+( that switch always update a bit longer, but this time it taken about 10 minutes);
cAP-AC (with qcom-ac)
cAP-AX
 
fragtion
Member Candidate
Member Candidate
Posts: 269
Joined: Fri Nov 13, 2009 10:08 pm
Location: Cape Town, South Africa

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 12:45 pm

If it's not written, it's not written, so it wasn't done.
By what logic should it have been done, if it's not written?
The changelog is massive, so it's possible that one of those many changes fixes the issue even if it doesn't explicitly mention ax wifi anywhere. Maybe it's a problem with bridges or drivers, or who knows what
Last edited by fragtion on Wed Sep 25, 2024 2:49 am, edited 1 time in total.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:07 pm

IMHO it is okay to ask. I would even encourage you to ask on every single release. It is like in real life: the one that barks the loudest gets served. lol
 
S8T8
Member Candidate
Member Candidate
Posts: 127
Joined: Thu Sep 15, 2022 7:15 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:15 pm

*) console - added "about" filters for "find" and "print where" commands;
Hello, could someone explain where we can find or print about?
 
User avatar
diamuxin
Member
Member
Posts: 335
Joined: Thu Sep 09, 2021 5:46 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:18 pm

Hi, I have an ax3 and behind it powered by POE (from ether1) an ax2 is connected.

Since I have upgraded both devices to 7.16 there is a continuous error on ax3 “ether1 link down” -> “ether1 link up” -> “ether1 link down” and so it repeats continuously.

Any idea where the problem comes from? Thanks.
 
User avatar
wiktorbgu
just joined
Posts: 4
Joined: Sun Dec 26, 2021 11:59 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:36 pm

I have a device ax3 with power supply via PoE in Ether1.
Today on version rc5 and after updating to 7.16 also problems appeared “ether1 link down” -> “ether1 link up” -> “ether1 link down” and so it repeats continuously.
 
User avatar
diamuxin
Member
Member
Posts: 335
Joined: Thu Sep 09, 2021 5:46 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:46 pm

So, it seems to be a bug affecting “ether1” as I have tested that port as POE=Off and the same thing happens again.

Edit: I have downgraded to version 7.15.3 and still the same problem: “ether1 link down” -> “ether1 link up” -> “ether1 link down” ...etc. Any solution from Support ?
Last edited by diamuxin on Tue Sep 24, 2024 1:57 pm, edited 1 time in total.
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:46 pm

Hi,

Do you have more information on which devices it is available? or how to check?

*) qos-hw - added H and I flags to queues;
*) qos-hw - added new monitoring properties for ports and global QoS stats;

Regards,
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:51 pm

I have a device ax3 with power supply via PoE in Ether1.
Today on version rc5 and after updating to 7.16 also problems appeared “ether1 link down” -> “ether1 link up” -> “ether1 link down” and so it repeats continuously.
It worked on 7.16 rc5?
 
User avatar
diamuxin
Member
Member
Posts: 335
Joined: Thu Sep 09, 2021 5:46 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:58 pm

I have downgraded to version 7.15.3 and still the same problem
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon May 05, 2014 10:36 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 1:59 pm

*) wifi-qcom-ac - improved memory allocating process;
Upgraded a single hAP ac2 so far to check if (hopefully) OOM reboots are really fixed with this one...
 
Z0ltan
newbie
Posts: 35
Joined: Sat Dec 15, 2018 3:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:00 pm

Is it normal for CAPSMAN not to show traffic from the CAPs? I've upgraded, things work but I only see traffic on the individual CAPs but not on CAPSMAN.
You do not have the required permissions to view the files attached to this post.
 
Guscht
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:08 pm

RB912R-2nD is not showing Identity and Board anymore (3rd from top)...

Edit: After another reboot, it shows up correctly...

Zwischenablage_09-24-2024_01.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by Guscht on Tue Sep 24, 2024 2:18 pm, edited 4 times in total.
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1480
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:08 pm

Updated 4011, 5009, CRS310, 328, 112, ATLGM, AX3, AX2, cAPax, LHGG, hAP ax lite LTE, wAP LTE, Chateau and cAP ac with no problem so far.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:14 pm

I have downgraded to version 7.15.3 and still the same problem
That is not an answer to the question above.
Did you upgrade from 7.15.3 to 7.16 or did you try 7.16x versions in between? (beta,rc)
There have been changes to PoE and they affect the programming of a PoE controller, downgrading does not downgrade that programming.
For me on an RB5009 it fixed a bug, but apparently on the ax3 it introduces a new bug...
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:33 pm

Is it normal for CAPSMAN not to show traffic from the CAPs? I've upgraded, things work but I only see traffic on the individual CAPs but not on CAPSMAN.
If wifiwave2 capsman, that's already the case since start of wave2 capsman, many, MANY moons ago ...
Or are you referring to legacy wireless capsman ?

But since I see interface names with wifi, I am going to assume it's the wave2 version you're referring to. Old news then.
 
User avatar
diamuxin
Member
Member
Posts: 335
Joined: Thu Sep 09, 2021 5:46 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:41 pm

I have downgraded to version 7.15.3 and still the same problem
That is not an answer to the question above.
Did you upgrade from 7.15.3 to 7.16 or did you try 7.16x versions in between? (beta,rc)
There have been changes to PoE and they affect the programming of a PoE controller, downgrading does not downgrade that programming.
For me on an RB5009 it fixed a bug, but apparently on the ax3 it introduces a new bug...
Sorry, in my case I upgraded from 7.15.3 to 7.16
Last edited by diamuxin on Tue Sep 24, 2024 2:43 pm, edited 3 times in total.
 
User avatar
ich777
just joined
Posts: 3
Joined: Thu Oct 08, 2020 3:54 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:41 pm

I've upgraded and everything seems to work except Wifi 2GHz, I get this message:

--- device does not support management protection

I'm running a hAP ax³, this wasn't an issue with the previous version, did I do something wrong?

Strangely the hAP ax² is working fine (2x Caps) as you can see in the screenshot.
1.png

EDIT: I downgraded to 7.15.3 and everything is working again. I'm really not sure if I did something wrong or this is a bug.

EDIT2: Filed a bug report, thanks @pe1chl
You do not have the required permissions to view the files attached to this post.
Last edited by ich777 on Tue Sep 24, 2024 3:05 pm, edited 3 times in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:48 pm

Sorry, in my case I upgraded from 7.15.3 to 7.16
You need to file a bug in the support system: https://help.mikrotik.com/servicedesk
(when posting only here in the release topic it will probably not be noticed... unless a flood of such reports comes in)
 
User avatar
sch
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Tue Feb 26, 2013 1:05 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:54 pm

wiktorbgu and diamuxin please contact MikroTik support and provide supout.rif files.
 
User avatar
wiktorbgu
just joined
Posts: 4
Joined: Sun Dec 26, 2021 11:59 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 2:57 pm

I have a device ax3 with power supply via PoE in Ether1.
Today on version rc5 and after updating to 7.16 also problems appeared “ether1 link down” -> “ether1 link up” -> “ether1 link down” and so it repeats continuously.

It seems that after updating the firmware the situation has stabilized. (System-RouterBOARD-Upgrade)
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:02 pm


There has been releases with more changes :)
train	count
6.43	459
6.42	433
6.47	416
6.46	414
6.39	399
7.2	392
6.40	376
6.38	365
6.44	361
6.48	357
6.45	351
7.16	322
6.41	287
7.15	276
7.14	267
A good statistic would be a graphic timeline of releases.
With zooming and all those fancy things...

Medium time between Betas.
Medium time between RCs.
Medium time between release of Stable and Beta of next release.

It could be just for RouterOSv7.
 
majestic
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Dec 05, 2016 11:19 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:07 pm

Has anyone had success with the v7.16 with Wireless Wire (wAP60G) p2p APs?

I am always very hessitant in upgrading these as they provide a core link between rooms and if they don't come up, they would be a nightmare to fix as they are stuck on the wall.

If anyone has a pair or simular hardware, please do let me know, thank you.

Best Regards.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:09 pm

There's no guarantee that if someone can do it, you can do it too.
I don't think there's any real reason why you should update them, do you?
 
majestic
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Dec 05, 2016 11:19 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:10 pm

There's no guarantee that if someone can do it, you can do it too.
I don't think there's any real reason why you should update them, do you?
Yeah I get that, but it minimizes the risks.

*Update*
Thinking about it some more, your right, leave them as they are and just upgrade the RB5009 as thats internet facing, the p2p are not, so the exposure is minimal. The RB5009 is easy to access, so if something goes bad, its not a major issue. Thanks for your insight.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:19 pm

That is a terrifyingly large amount of changes.
There has been releases with more changes :)
train	count
6.43	459
6.42	433
6.47	416
6.46	414
6.39	399
7.2	392
6.40	376
6.38	365
6.44	361
6.48	357
6.45	351
7.16	322
6.41	287
7.15	276
7.14	267
This statistic is wrong. There aren't 322 change in 7.16. There are many changes already published by 7.15.x.
 
majestic
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Dec 05, 2016 11:19 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:39 pm

RB5009 upgrade to v7.16 sucessful.
- DNS working inc DoH and static entries
- DHCP working (multi vlans)
- BGP, BFD working, one large table and couple of k8s clusters
- PPPOE working
- VLANS working
- Wireguard roadwarriors config, working

I see a tiny bit of additional RAM being used but its only about ~20mb difference, apart from that, looks fine on RB5009. Will monitor it to make sure but seems sucessful.
 
User avatar
Kanzler
Member Candidate
Member Candidate
Posts: 135
Joined: Wed Oct 05, 2022 6:55 pm
Location: Ukraine

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 3:46 pm

hAP ac3 (wifi-qcom-ac) updated without problems. Everything works fine.
 
User avatar
herbrico
newbie
Posts: 25
Joined: Mon Dec 31, 2012 4:19 pm
Location: Croatia, Sisak

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 4:46 pm

So, it seems to be a bug affecting “ether1” as I have tested that port as POE=Off and the same thing happens again.

Edit: I have downgraded to version 7.15.3 and still the same problem: “ether1 link down” -> “ether1 link up” -> “ether1 link down” ...etc. Any solution from Support ?

I've got an HAP AX3 on (7.15.3) ROS 7.16 now connected via POE on eth1 and everything works fine, there is no connection or disconnection. But I had a similar problem with the net metal ac2 connected via poe where there was a connection and disconnection (link up, link down ), changing the poe adapter solved the problem.
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 5:27 pm

/ip/dns/set mdns-repeat-ifaces=bridge,vlan-iot

and I'm happy! Dead simple... Thanks!
 
User avatar
diamuxin
Member
Member
Posts: 335
Joined: Thu Sep 09, 2021 5:46 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 5:31 pm

So, it seems to be a bug affecting “ether1” as I have tested that port as POE=Off and the same thing happens again.

Edit: I have downgraded to version 7.15.3 and still the same problem: “ether1 link down” -> “ether1 link up” -> “ether1 link down” ...etc. Any solution from Support ?

I've got an HAP AX3 on (7.15.3) ROS 7.16 now connected via POE on eth1 and everything works fine, there is no connection or disconnection. But I had a similar problem with the net metal ac2 connected via poe where there was a connection and disconnection (link up, link down ), changing the poe adapter solved the problem.
Thanks for the feedback!
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1549
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 6:28 pm

I just updated the Mikrotik public btest server I maintain to ROS version 7.16
** Everything appears to be working correctly.
** This is a Mikrotik CHR ( P unlimited ) running on a Proxmox hypervisor.

IPv4: 23.162.144.123
IPv6: 2605:6340:0:1b::123
btest username: North-Idaho-Btest-Server
btest password: I-Am-Not-A-Cron-Script

North Idaho Tom Jones
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 6:59 pm

Please add to the "Before an upgrade:" section:
4) when upgrading a CHR, check that it has at least 1GB RAM allocated, and increase RAM before attempting upgrade.
(see SUP-161771)
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1107
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 7:10 pm

Updated my RB5009 & RB3011
No issues, all my basic services work fine.
 
johnudu
just joined
Posts: 14
Joined: Wed Apr 26, 2023 8:26 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 7:28 pm

hAP ac3 + wifi-qcom-ac - NO PROBLEM
 
donkeyKong
just joined
Posts: 7
Joined: Sat Aug 13, 2022 1:13 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 7:56 pm

DNS :resolve command is not working as intended.

In ROS 7.15.3, DNS resolution works correctly and queries DNS server:
:resolve "www.google.com" server=<DNS server>
In ROS 7.16, DNS resolution uses the cache and does not seem to query server (10.9.91.200 does not exist in test LAN):
:put [:resolve domain-name="www.google.com" server=10.1.91.200 ]
172.217.20.164
:put [:resolve domain-name="www.google.com.br" server=10.90.90.200 ]
failure: dns server failure
Opened SUP-166143
 
jordanp123
just joined
Posts: 3
Joined: Tue Feb 21, 2023 3:55 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 8:07 pm

Has anyone elses setup with VRF's just stopped working ? Mine appears completly broken after the update. I use a VRF to connect to a VPN service for a VLAN.
 
jordanp123
just joined
Posts: 3
Joined: Tue Feb 21, 2023 3:55 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 8:29 pm

Looks like the firewall rules parameters changed with regards to VRF's in this release. Still trying to figure it out
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 8:52 pm

What type of router do you have? Is it a CHR?
 
jordanp123
just joined
Posts: 3
Joined: Tue Feb 21, 2023 3:55 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 9:49 pm

Its a RB5009. I got it figured out, apparently in the last few releases you were allowed in the firewall rules to have VRF interface members in the In/Out portions of the firewall rules, but not now, so you can only have the VRF interface in the firewall rules, it puts a downer on firewall rules since I have to make them more complicated with packet marking now to have the same functionality.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 9:59 pm

already since 7.14. see viewtopic.php?p=1069285#p1069285
 
jordanp123
just joined
Posts: 3
Joined: Tue Feb 21, 2023 3:55 am

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:04 pm

yeah, what was weird is that It was working fine in 7.15. I got hit by the change from 7.13 to 7.14 when that first changed as well.
 
litvcom
just joined
Posts: 4
Joined: Tue Jun 11, 2024 8:11 pm

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 10:49 pm

I just updated my AX3. It hasn't gotten any worse, but time will tell.
 
gbtest85
just joined
Posts: 14
Joined: Mon Jul 17, 2023 7:34 pm
Location: Italy

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:31 pm

/ip/dns/set mdns-repeat-ifaces=bridge,vlan-iot

and I'm happy! Dead simple... Thanks!
Hi, can you explain the purpose of this new setting?

I think it could be useful to many!

Thank you
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v7.16 [stable] is released!

Tue Sep 24, 2024 11:35 pm

mdns-repeater-ifaces (list of interfaces; Default: )
Once an interface in this list receives an mDNS packet, it will forward it to all other interfaces in this list. Only supports IPv4.
see https://help.mikrotik.com/docs/display/ROS/DNS
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1042
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 12:06 am

Is this change applied when just upgrading? Or do I have to do something more drastic, as netinstall?

*) arm64 - increased reserved storage space for bootloader;
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:01 am

Is roaming fixed in this firmware, running v7.15.3 at the moment and wireless roaming working correctly, devices are disconnecting and reconnecting with no internet for 10 seconds, alot of disassociated, connection lost, signal strength -49
 
gze100
just joined
Posts: 6
Joined: Wed Jan 20, 2010 2:30 am
Location: Germany

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:18 am

After the upgrade to 7.16, the standard route is no longer redistributed via rip and bfd. A downgrade to 7.15.3 has solved the problem for the time being.
/routing rip instance
add disabled=no name=rip-instance-4 originate-default=if-installed redistribute=connected,static route-gc-timeout=60 route-timeout=30 routing-table=main \
    update-interval=5
/routing rip interface-template
add disabled=no instance=rip-instance-4 interfaces=bridge-local poison-reverse=yes split-horizon=yes use-bfd=yes
 
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 4:40 am

After upgrading from 7.15.3 to 7.16, DNS-related configurations are randomly lost after some time of use.

This includes the settings in **DNS Static**, which also disappear, leaving the fields blank.

The DNS loss in version 7.16 includes, but is not limited to, the disappearance of **dynamic servers**.
The cached usage drops to 0, and the **servers' static settings** are lost.
When opening **DNS Static**, the fields appear blank.

These issues do not occur immediately but arise suddenly after some time following the upgrade to 7.16.
You do not have the required permissions to view the files attached to this post.
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 5:19 am

it seems vrf-routing is trouble, coming from 7.15.3 static vrf routes were marked inactive and we found no way to get those active, neither deleting, adding new ones, basically all vrf-routes are inactive and show things like:
 4  IsH  dst-address=0.0.0.0/0 routing-table=main gateway=10.100.6.5
         immediate-gw="" distance=1 scope=30 target-scope=10
         vrf-interface=MGMT
in addition to static routes within vrfs not working also dynamic routes (added by pppoe client) were inactive within vrfs. this is seriously messed up.

finally had to downgrade to 7.15.3 to get this working again.
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 5:44 am

Has anyone elses setup with VRF's just stopped working ? Mine appears completly broken after the update. I use a VRF to connect to a VPN service for a VLAN.
probably your vrf routes are inactive, right?
 
User avatar
Coughy
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Tue Apr 23, 2024 2:53 am
Location: Brisbane Au

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 8:34 am

I have downgraded to version 7.15.3 and still the same problem
do a complete new config
i found jumping around firmwares and allpy config has a bug that it does things like this
im running hapax3 , hapax2 and 3 x capax all on 7.16.rc4 all fine to a degree with roaming and very little disconects
try factory reset on stable 7.16 and new config
 
AresPo
just joined
Posts: 12
Joined: Thu Sep 02, 2021 7:06 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:01 am

hAP AX3 + wifi-qcom
on 7.15.3: WiFi (2&5) is ok (RSMB)
on 7.16: WiFi (2&5) drop (M)

After the update, I encountered an issue with WiFi and reconfigured the settings, but the problem persisted, so I had to revert to version 7.15.3

log : "DefConf gen: Unable to find wifi radio data"
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:47 am

*) wifi - added "slave-name-format";
*) wifi - adjusted virtual interface naming when provisioning local radios;
Why is this only done for local radios? The local radios are now named similar to slave-name-format.

So e.g.:

Master interface: wifi1
1 slave interface: wifi1-virtual1

That is all nice and good.

But on the CAP, the interfaces are still suffixed by a number.

Master interface: wifi1
1 slave interface: wifi4

This is inconsistent. Why are wifi interfaces on the CAPs still named the old way?
 
User avatar
KexyBiscuit
just joined
Posts: 2
Joined: Mon Jul 13, 2020 10:39 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:17 am

After updating, Detect Internet suddenly installs default route and DNS servers for me, seems that it's a feature instead of a bug.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7174
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:38 am

it seems vrf-routing is trouble, coming from 7.15.3 static vrf routes were marked inactive and we found no way to get those active, neither deleting, adding new ones, basically all vrf-routes are inactive and show things like:
 4  IsH  dst-address=0.0.0.0/0 routing-table=main gateway=10.100.6.5
         immediate-gw="" distance=1 scope=30 target-scope=10
         vrf-interface=MGMT
in addition to static routes within vrfs not working also dynamic routes (added by pppoe client) were inactive within vrfs. this is seriously messed up.

finally had to downgrade to 7.15.3 to get this working again.
Config looks to be incorrect, either you use routing-table to determine to which vrf this route should belong or you use vrf-interfce. But not the both especially if routing table config does not match the vrf to which vrf-inteface belongs to.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:40 am

"free-hdd-space" shrinked by ~50kb on "cAP ac":

7.15.3: 780KiB
7.16: 736KiB
 
JustAnAccount
just joined
Posts: 12
Joined: Mon Jun 20, 2022 4:02 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:02 am

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please?
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:03 am

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please?
Oh yeah, I really hate that behavior. And I see no possibility to turn that off.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:08 am

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please?
That is only a "proposed standard", one of several that were made with the same objective.
When you want to use that domain and don't want to leak it you can easily configure that yourself using a static record in the DNS resolver.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:23 am

How?
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon May 05, 2014 10:36 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:41 am

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please?
That is only a "proposed standard", one of several that were made with the same objective.
When you want to use that domain and don't want to leak it you can easily configure that yourself using a static record in the DNS resolver.
What Mikrotik probably should implement is DNS forwarders so one could host those local domain zones locally...
Also to avoid bogus DNS queries to internet name servers as is strongly advised (https://www.rfc-editor.org/rfc/rfc6303) maybe filter all these local zones by default as Unbound and BIND are doing:
        # local-zone: "localhost." nodefault
        # local-zone: "127.in-addr.arpa." nodefault
        # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
        # local-zone: "home.arpa." nodefault
        # local-zone: "onion." nodefault
        # local-zone: "test." nodefault
        # local-zone: "invalid." nodefault
        # local-zone: "10.in-addr.arpa." nodefault
        # local-zone: "16.172.in-addr.arpa." nodefault
        # local-zone: "17.172.in-addr.arpa." nodefault
        # local-zone: "18.172.in-addr.arpa." nodefault
        # local-zone: "19.172.in-addr.arpa." nodefault
        # local-zone: "20.172.in-addr.arpa." nodefault
        # local-zone: "21.172.in-addr.arpa." nodefault
        # local-zone: "22.172.in-addr.arpa." nodefault
        # local-zone: "23.172.in-addr.arpa." nodefault
        # local-zone: "24.172.in-addr.arpa." nodefault
        # local-zone: "25.172.in-addr.arpa." nodefault
        # local-zone: "26.172.in-addr.arpa." nodefault
        # local-zone: "27.172.in-addr.arpa." nodefault
        # local-zone: "28.172.in-addr.arpa." nodefault
        # local-zone: "29.172.in-addr.arpa." nodefault
        # local-zone: "30.172.in-addr.arpa." nodefault
        # local-zone: "31.172.in-addr.arpa." nodefault
        # local-zone: "168.192.in-addr.arpa." nodefault
        # local-zone: "0.in-addr.arpa." nodefault
        # local-zone: "254.169.in-addr.arpa." nodefault
        # local-zone: "2.0.192.in-addr.arpa." nodefault
        # local-zone: "100.51.198.in-addr.arpa." nodefault
        # local-zone: "113.0.203.in-addr.arpa." nodefault
        # local-zone: "255.255.255.255.in-addr.arpa." nodefault
        # local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
        # local-zone: "d.f.ip6.arpa." nodefault
        # local-zone: "8.e.f.ip6.arpa." nodefault
        # local-zone: "9.e.f.ip6.arpa." nodefault
        # local-zone: "a.e.f.ip6.arpa." nodefault
        # local-zone: "b.e.f.ip6.arpa." nodefault
        # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
        # And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
 
mustang1986
just joined
Posts: 1
Joined: Wed May 31, 2023 9:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 12:01 pm

hAP ac3 + wifi-qcom-ac - NO PROBLEM
7.16 solve it wifi-qcom-ac memory leak?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1385
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 12:28 pm

ip - added max-sessions property for services;
@rextended

how to get into that?
 
luckybuilding
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sun Feb 05, 2012 12:57 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:03 pm

Thanks, it is great! But it has some bugs! After upgrade, my mangles based on incoming interfaces stopped working! I finally had to downgrade it!
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:26 pm

do a complete new config
[...]
try factory reset on stable 7.16 and new config
no factory resetting production systems is not an option, sorry - neither do I think this is a good idea to suggest to anyone.
 
johnudu
just joined
Posts: 14
Joined: Wed Apr 26, 2023 8:26 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:31 pm

hAP ac3 + wifi-qcom-ac - NO PROBLEM
7.16 solve it wifi-qcom-ac memory leak?
i dont now
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:34 pm

Quite significant problems upgrading my hAP AX3 from 7.15.3

Lots of DoH failure errors

Lots of devices getting "offering lease without success"

Wireguard failing to establish

Extremely bad performance for websites

I have a feeling the latter two are due to all the DoH issue but removing DoH endpoint didn't seem to help

Anyone else having this? I didn't see any similar reports

How do I go back to 7.15.3? I assume it's not as simply as simply clicking downgrade?

Definitely shaken my confidence of late
Last edited by jdub88 on Wed Sep 25, 2024 1:38 pm, edited 1 time in total.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:37 pm

You need to manually download ROS main package and used extra packages. Then upload these npk files to your router (e.g. using Winbox) and finally hit
/system/package/downgrade
PS:
I don't know why updates are just one click but downgrade is not possible without additional knowledge and several manual steps. Why not just offer a dead simple downgrade feature where you can choose to which version you want to downgrade to?
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:56 pm

upgraded CRS309, CRS305, CRS312, hEX S, cAP ax, some hAP ac2, and RB4011, no (new) problems reported so far.

MVRP seems to work much better (7.15.3 had some problems with certains ports not joining vlans properly) and the new comments added to dynamic /interface/bridge/vlan entries are nice.

i noticed a good change in BGP behaviour: routes with a next-hop of :: are now accepted and marked unreachable, instead of being rejected, which means the gateway can be modified in a filter.
 
User avatar
marsbeetle
newbie
Posts: 48
Joined: Sun Feb 19, 2023 9:57 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 1:57 pm

Confirming DHCP issues specifically with AX3 and static addresses being ignored after upgrade to 7.16

Also noticed some of my home automation lights no longer connecting via 2ghz band to my AX2 after upgrade(weak signal). Downgraded and everything is back to "normal"

Why always 1 step forward and two steps back with each upgrade. Some consistency would be nice for a change.
 
sinisa
newbie
Posts: 34
Joined: Sun Apr 17, 2011 12:46 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:05 pm


How do I go back to 7.15.3? I assume it's not as simply as simply clicking downgrade?
More and more people coming here who don't know how to use Google.
Did you try "mikrotik downgrade"? First hit, read page carefully...
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:09 pm

The phenomenon of "not using google before asking" is probably as old as internet search engines. lmgtfy.com exist for a reason. But more and more people use AI. https://letmegpt.com/?q=how%20to%20down ... version%3F
 
Ab5
just joined
Posts: 3
Joined: Fri Jun 12, 2020 10:58 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:12 pm

Issue with OpenVPN and Certificat/date times.
When connecting with freshly created cert
disconnected <TLS error: ssl: cert not valid (before: Wed Sep 25 12:57:45 2024 > now: Wed Sep 25 11:09:03 2024)

Wed Sep 25 12:57:45 2024 is the correct current time on devices connecting and the mikrotik itself.
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:15 pm

Confirming DHCP issues specifically with AX3 and static addresses being ignored after upgrade to 7.16

Also noticed some of my home automation lights no longer connecting via 2ghz band to my AX2 after upgrade(weak signal). Downgraded and everything is back to "normal"

Why always 1 step forward and two steps back with each upgrade. Some consistency would be nice for a change.
I actually had that weak signal issue last week out of the blue on 7.15.3. Most IoT stuff on 2.4ghz just failed. My ring cameras couldn't see the APs at all, or briefly with very low signal. I didn't actually do anything or changed anything. I loaded the most recent backup and rebooted and it was ok since

I looked into it and there have been some WiFi disassociation issues reported. But may be unrelated

This will be the first time I've needed to downgrade but thanks for the patronising comment about Google. This is after all a forum to discuss the products. The first result says click downgrade but it's not super clear on how to load the older packages. It's not intuitive, many would assume you can just click downgrade and it'll roll back to the previous version but I know never to assume with Mikrotik!
Last edited by jdub88 on Wed Sep 25, 2024 2:17 pm, edited 1 time in total.
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:16 pm

Issue with OpenVPN and Certificat/date times.
When connecting with freshly created cert
disconnected <TLS error: ssl: cert not valid (before: Wed Sep 25 12:57:45 2024 > now: Wed Sep 25 11:09:03 2024)

Wed Sep 25 12:57:45 2024 is the correct current time on devices connecting and the mikrotik itself.
I wonder if that's the same issue causing my wireguard and DoH issues, but I don't see cert errors in the logs.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 173
Joined: Mon Oct 16, 2023 3:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:21 pm

The phenomenon of "not using google before asking" is probably as old as internet search engines. lmgtfy.com exist for a reason. But more and more people use AI. https://letmegpt.com/?q=how%20to%20down ... version%3F

Since AI is mostly trained on Reddit, it's only a matter of time before it answers the question "How to downgrade RouterOS?" with "Yes, let me help you with that. But first, let's install the MikroTik downgrade tool. To do that, open terminal, paste 'rm -rf /' and press Enter. *tips fedora*"
 
Ab5
just joined
Posts: 3
Joined: Fri Jun 12, 2020 10:58 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:25 pm

Issue with OpenVPN and Certificat/date times.
When connecting with freshly created cert
disconnected <TLS error: ssl: cert not valid (before: Wed Sep 25 12:57:45 2024 > now: Wed Sep 25 11:09:03 2024)

Wed Sep 25 12:57:45 2024 is the correct current time on devices connecting and the mikrotik itself.
I wonder if that's the same issue causing my wireguard and DoH issues, but I don't see cert errors in the logs.
Possible i suspect its cause of the GMT Offset fix they pushed through cause it seems the time diff is exactly off by 2 hours for me (I'm GMT+2)
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 2:35 pm



I wonder if that's the same issue causing my wireguard and DoH issues, but I don't see cert errors in the logs.
Possible i suspect its cause of the GMT Offset fix they pushed through cause it seems the time diff is exactly off by 2 hours for me (I'm GMT+2)
Good spot. I'm off by 1. Will give that a try later.
 
User avatar
Kanzler
Member Candidate
Member Candidate
Posts: 135
Joined: Wed Oct 05, 2022 6:55 pm
Location: Ukraine

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:32 pm

7.16 solve it wifi-qcom-ac memory leak?
I don't see any memory leak.
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1042
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:39 pm

"free-hdd-space" shrinked by ~50kb on "cAP ac":

7.15.3: 780KiB
7.16: 736KiB
I think this answers my question about

"*) arm64 - increased reserved storage space for bootloader;"

viewtopic.php?t=211157#p1099090
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12861
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:40 pm

cAP ac is "arm" not "arm64" ...
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:43 pm

There was a memory leak as well on cap ac when using wifi-qcom-ac drivers.
Testing since yesterday, no results yet ( before it would go OOM after almost 2 days).
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 3:59 pm

That is only a "proposed standard"
Proposed? Wow...
And why other recursive engines implement that?
Are bind, unbound, knot, and others wrong following those recomendations?

I would say that this especial zones are so "proposed" than the use of DNSSEC, another standard that RouterOS ignores for a long-long time.
How?
Maybe with regex in DNS it is possible...
But it is the thing that should come in default-config template...
And being possible to be disabled.
 
nmt1900
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Feb 01, 2017 12:36 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 4:04 pm

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please?
I did packet captures on WAN interface and did not manage to find anything related to that (only *.arpa requests appearing were related to public IP addresses).
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 4:19 pm

What Mikrotik probably should implement is DNS forwarders so one could host those local domain zones locally...
Also to avoid bogus DNS queries to internet name servers as is strongly advised (https://www.rfc-editor.org/rfc/rfc6303) maybe filter all these local zones by default as Unbound and BIND are doing:
That would make DNS way more havier in resources than it is expected. CPU, Memory.

Most users expect from DNS Resolver of Mikrotik a semi-dummy thing like dnsmasq.
Leveling it so up wolud make big part of MikroTik users unhappy.
Stan Marsh says:
"Oh my god! They used extra 1,49MB of RAM..."

Kyle Broflovski says:
"You Bastards! Grrr!"
And even doing that, it would not being good enough in the point of view of thos who wants something really secure and compliance with all the "proposed" standars.

My sugestion here is that Mikrotik creates two DNS Operation Modes:
- UIltra Dummy basic, no DNSSEC, no conditional fowarding, no vrf-source, no nothing... Just a Dummy basic resolver.
- A Good enought DNS Resolver, running on a virtual interface inside RouterOS, with DNSSEC, with v4+v6 adresses for answering queries, with v4+v6 adresses for going out for the recursion, with possible policies being applied.
Maybe an extra package (similar to a a Container) that only allows this alternative more advanced DNS when this package is instaled.
It would reduce space in storage of the basic package, reduce CPU, reduce RAM.

So, if you activate that, you are aware that will consume some extra resourses.
And if you do not activate that, you are aware that funcionality is very limited.
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 6:37 pm

Router - RB4011iGS+

I have two entries for DHCPv6 client in my settings: active and disabled.

/ipv6 dhcp-client add add-default-route=yes interface=IP-Maxnet-VLAN-130 pool-name=ipv6-maxnet pool-prefix-length=66 rapid-commit=no request=address,prefix use-interface-duid=yes use-peer-dns=no
/ipv6 dhcp-client add add-default-route=yes disabled=yes interface=IP-Triolan-VLAN-131 pool-name=ipv6-triolan pool-prefix-length=66 rapid-commit=no request=prefix use-interface-duid=yes use-peer-dns=no

Before ROS 7.16 these two entries did not interfere with each other and everything worked.

With the upgrade to ROS 7.16, trying to enter the IPv6-DHCP Client menu results in an error:
- this menu item appears empty
- an error appears in the logs that there cannot be two pools with the same name.

Attempting to export IPv6 settings to a text file saves an error in the result file:
#error exporting "/ipv6/dhcp-client" (timeout)

Rollback to 7.15.3 restores functionality.
Deleting the “disabled” DHCPv6 client entry and upgrading to 7.16 - the system works fine.
Last edited by BrateloSlava on Wed Sep 25, 2024 7:44 pm, edited 1 time in total.
 
User avatar
baragoon
Member
Member
Posts: 375
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 7:23 pm

ipv6 link local addrss are not deleteable after update from 7.15.3
using this method (for dn42 peering)
/ipv6/pool/add name=link-local prefix=fe80::/56 prefix-length=64
/ipv6/address/add from-pool=link-local advertise=no address=::1 interface=bridge
and (not related to 7.16) - unable to add more than 1 link local address, every next address is like fe80:0:0:2::1/64,fe80:0:0:3::1/64,fe80:0:0:4::1/64
every next addr is fe80:0:0:X+1::y/64
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1042
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 7:27 pm

cAP ac is "arm" not "arm64" ...
Yes, it is. But I find this coincidence quite weird. Exactly when something like this is announced, You see a small shrinkage on disk space? Looks like to me either a wrong changelog (would affect ARM32 too), or a bug on the code (someone forgot to check the ARM architecture before changing the partition size).
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 7:43 pm



I wonder if that's the same issue causing my wireguard and DoH issues, but I don't see cert errors in the logs.
Possible i suspect its cause of the GMT Offset fix they pushed through cause it seems the time diff is exactly off by 2 hours for me (I'm GMT+2)
So, things are much better with clocks properly set. DoH and Wireguard working again. Will hold off a rollback for now.

Check your clocks folks :)
 
Fif
just joined
Posts: 3
Joined: Thu May 18, 2023 9:02 am

v7.16 cert dates

Wed Sep 25, 2024 8:16 pm

There still are issues with the cert dates being reported incorrectly.
/certificate/print detail proplist=issuer,country,organization,common-name,serial-number,fingerprint,akid,skid,invalid-before,invalid-after  where common-name=R10  
Flags: K - private-key; L - crl; C - smart-card-key; A - authority; 
I - issued, R - revoked; E - expired; T - trusted 
 1  L    T issuer=C=US,O=Internet Security Research Group,CN=ISRG Root X1 
           country="US" organization="Let's Encrypt" common-name="R10" 
           serial-number="4ba85293f79a2fa273064ba8048d75d0" 
           fingerprint="9d7c3f1aa6ad2b2ec0d5cf1e246f8d9ae6cbc9fd0755ad37bb974b1
            f2fb603f3" 
           akid=79b459e67bb6e5e40173800888c81a58f6e99b6e 
           skid=bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8 
           invalid-before=2160-04-18 23:28:16 
           invalid-after=2163-04-18 23:28:15 
Note the wrong invalid-before and invalid-after dates in 2060 and 2063!
Same cert seen from WebFig shows the correct dates (see attached screenshot).

This seems to be a general issue, all my certs show wrong dates, not just the Let's Crypt R10 chain cert.
You do not have the required permissions to view the files attached to this post.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 8:28 pm

*) certificate - show validity beyond year 2038;
Maybe related to this line?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 8:53 pm


That is only a "proposed standard", one of several that were made with the same objective.
When you want to use that domain and don't want to leak it you can easily configure that yourself using a static record in the DNS resolver.
What Mikrotik probably should implement is DNS forwarders so one could host those local domain zones locally...
That is all already available.
You can add static DNS records to forward a domain to another DNS server, and you can enter any FQDN as static record in the router's DNS server as well.
You can have a couple of .home.arpa records in the DNS and at the end a *.home.arpa$ record with NXDOMAIN.

So you can easily configure this. For example, as a good netizen I have added records like
*\.168\.192\.in-addr\.arpa$ NXDOMAIN
as it is useless to forward PTR queries for RFC1918 addresses to the global DNS.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1090
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 8:53 pm

I do not see this issue with certificates. Possibly an issue with specific architecture? What device is that?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 8:59 pm

That is only a "proposed standard"
Proposed? Wow...
You don't know what it means? Read RFC 2026.
And why other recursive engines implement that?
Are bind, unbound, knot, and others wrong following those recomendations?
Anyone can implement it, but it is not mandatory.
Maybe with regex in DNS it is possible...
But it is the thing that should come in default-config template...
And being possible to be disabled.
Of course it is. Someone can publish a cut-and-paste config, and it could even be added to default config.

But it is a debated topic with many different implementations.
And there are other domains that could be added, like 168.192.in-addr.arpa.
 
Fif
just joined
Posts: 3
Joined: Thu May 18, 2023 9:02 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:02 pm

I do not see this issue with certificates. Possibly an issue with specific architecture? What device is that?
I'm seeing that with 7.16 on 3 different CRS devices:
  • CRS305-1G-4S+
  • CRS309-1G-8S+
  • CRS317-1G-16S+
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:10 pm

I have upgraded a couple of RB5009UPr+S+ routers (the PoE model) and I observe that on outputs that are configured for "auto on" but have a normal (non-PoE) device connected, a red "poe status: short circuit" is now being displayed in the interface->ethernet window.
There always was a "short circuit" status in the "PoE status" column of the table, but now it is also shown on a separate line.

Please clarify the situation. This is an 802.3af/at capable PoE device, and that should mean that any non-PoE device can be connected without problem.
Is this warning indicating a problem that should be fixed (i.e. is "auto on" actually a misnomer and should we manually configure any output that has no PoE powered device connected to "off"), or is it only informational? And if so, why is it in red, and why is that changed in 7.16?

I have used 802.3af/at capable switches for ages, and never have I seen a "warning" that non-PoE devices are connected.
It is inconvenient to manually configure this, we have PoE-powered VoIP phones that are connected in front of desktop PCs, and at any time someone can ask for a telephone and it is expected that this can just be plugged in. And this is how it works on our switches (Procurve/Aruba).
In a small office we have a RB5009UPr+S+ where 4 ports are configured "for PC and optional telephone" (others for internet, WiFi AP etc) and now the ports where a PC is directly connected show that warning.
 
burnduck
just joined
Posts: 8
Joined: Mon Aug 14, 2017 10:06 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:27 pm

Not sure if this is a 7.16 or Winbox 4 Beta 8 issue, since I just got this device today and immediately updated it to 7.16.

With an almost empty configuration, a minute or so after I have created an empty bridge on the device, Winbox 4.0beta8 would fail to connect to the device with a "MacConnection syn timeout" error, though the old winbox continues to work with no issue.

Image
[myuser@MikroTik] > /export      
# 1970-01-02 00:20:33 by RouterOS 7.16
# software id = VJPT-SQGP
#
# model = C52iG-5HaxD2HaxD
# serial number = HG209NTVAFV
/interface bridge
add name=bridge
/interface list
add comment="allow macwinbox on all" include=all name=macwinbox
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=mywifi
/interface wifi
set [ find default-name=wifi2 ] configuration.mode=station .ssid=mywifi\
    disabled=no name=wifi-2ghz security=osmium
set [ find default-name=wifi1 ] configuration.mode=station .ssid=mywifi\
    disabled=no name=wifi-5ghz security=osmium
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge list=macwinbox
/system note
set show-at-login=no
/tool mac-server mac-winbox
set allowed-interface-list=macwinbox
 
Hyperlight
just joined
Posts: 5
Joined: Sun Oct 22, 2017 1:37 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:47 pm

Firewall rules for interfaces in a VRF seem to have broken for me.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 9:52 pm

@pe1chl
Did you also upgrade FW on that device ?
I've seen a similar report, I think, which was solved when fw was upgraded.
 
mendark
just joined
Posts: 1
Joined: Tue Feb 18, 2014 11:53 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:08 pm

After upgrade to v7.16 on RB4011iGS+ i noticed that DHCP Server that is created on vlan interface doesn't work. Work only DHCP Server that is configured on physical interface.
Can have someone any solution for this?
Thank you
 
erlinden
Forum Guru
Forum Guru
Posts: 2571
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:16 pm

Can have someone any solution for this?
Do you have VLAN ID 1 configured?
Anything in the logging?
Or better, share your config?
/export file=anynameyoulike
Remove serial and any other private info.

I have the same MikroTik and this didn't happen for me.
 
mendark
just joined
Posts: 1
Joined: Tue Feb 18, 2014 11:53 am

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 10:31 pm

Can have someone any solution for this?
Do you have VLAN ID 1 configured?
Anything in the logging?
Or better, share your config?
/export file=anynameyoulike
Remove serial and any other private info.

I have the same MikroTik and this didn't happen for me.
This is my configuration:
/interface bridge
add dhcp-snooping=yes frame-types=admit-only-vlan-tagged name=bridge1-MAIN \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="XXXXXXXX"
set [ find default-name=ether2 ] comment="XXXXXXXX"
set [ find default-name=ether3 ] comment="XXXXXXXX"
set [ find default-name=ether4 ] comment="XXXXXXXX"
set [ find default-name=ether5 ] comment="XXXXXXXX"
set [ find default-name=ether6 ] comment="XXXXXXXX"
set [ find default-name=ether7 ] comment="XXXXXXXX"
set [ find default-name=ether8 ] comment="XXXXXXXX"
set [ find default-name=ether10 ] comment="XXXXXXXX"
set [ find default-name=sfp-sfpplus1 ] comment="XXXXXXXX"
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface vlan
add interface=bridge1-MAIN name=vLAN10-Public_IP vlan-id=10
add interface=bridge1-MAIN name=vLAN20-SRV-MGMT vlan-id=20
add interface=bridge1-MAIN name=vLAN80-iSCSI-vMotion vlan-id=80
add interface=bridge1-MAIN name=vLAN93-Private_IP vlan-id=93
add interface=bridge1-MAIN name=vLAN100-Guest_LAN vlan-id=100
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/ip firewall layer7-protocol
add name=facebook.com regexp="^.+(facebook.com).*\$"
/ip ipsec policy group
add name=ike2-policies
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 \
    enc-algorithm=aes-256,aes-192,aes-128
add dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256,aes-128 \
    hash-algorithm=sha256 name=ike2
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2 \
    send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha256,sha1 name=ike2 pfs-group=none
/ip pool
add name=Main-DHCP ranges=XXXXXXXX
add name=Local-DHCP ranges=XXXXXXXX
add name=VPN-Pool ranges=XXXXXXXX
add name=Guest-Pool ranges=XXXXXXXX
/ip dhcp-server
add address-pool=Local-DHCP interface=ether10 lease-script=dhcp2dns \
    lease-time=1d name=Local-DHCP
add address-pool=Main-DHCP interface=vLAN93-Private_IP lease-time=1d name=\
    Main-DHCP
add address-pool=Guest-Pool interface=vLAN100-Guest_LAN name=Guest-DHCP
/interface bridge port
add bridge=bridge1-MAIN ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether4 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether5 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether6 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether7 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN ingress-filtering=no interface=ether8 \
    internal-path-cost=10 path-cost=10 pvid=93 trusted=yes
add bridge=bridge1-MAIN interface=ether9 pvid=93 trusted=yes
add bridge=bridge1-MAIN frame-types=admit-only-vlan-tagged interface=\
    sfp-sfpplus1 trusted=yes
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set enabled=yes udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge1-MAIN tagged=bridge1-MAIN,ether3,ether4,ether7,sfp-sfpplus1 \
    vlan-ids=10
add bridge=bridge1-MAIN tagged=bridge1-MAIN,ether3,ether4,ether7,sfp-sfpplus1 \
    vlan-ids=20
add bridge=bridge1-MAIN tagged=bridge1-MAIN,sfp-sfpplus1 vlan-ids=93
add bridge=bridge1-MAIN tagged=bridge1-MAIN,sfp-sfpplus1 vlan-ids=80
add bridge=bridge1-MAIN tagged=bridge1-MAIN,sfp-sfpplus1 vlan-ids=100
/interface l2tp-server server
set allow-fast-path=yes default-profile=VPN enabled=yes use-ipsec=required
/interface list member
add interface=bridge1-MAIN list=LAN
add interface=ether1 list=WAN
add interface=ether10 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
/ip address
add address=XXXXXXXX interface=vLAN93-Private_IP network=XXXXXXXX
add address=XXXXXXXX interface=ether10 network=XXXXXXXX
add address=XXXXXXXX interface=ether1 network=XXXXXXXX
add address=XXXXXXXX interface=vLAN10-Public_IP network=\
    XXXXXXXX
add address=XXXXXXXX interface=wireguard1 network=XXXXXXXX
add address=XXXXXXXX interface=vLAN20-SRV-MGMT network=XXXXXXXX
add address=XXXXXXXX interface=vLAN80-iSCSI-vMotion network=\
    XXXXXXXX
add address=XXXXXXXX interface=vLAN100-Guest_LAN network=XXXXXXXX
/ip dhcp-server network
add address=XXXXXXXX comment=Guest-DHCP dns-server=XXXXXXXX gateway=\
    XXXXXXXX
add address=XXXXXXXX comment=Local-DHCP dns-server=\
    XXXXXXXX gateway=XXXXXXXX
add address=XXXXXXXX comment=Main-DHCP dns-server=XXXXXXXX \
    gateway=XXXXXXXX
/ip dns
set allow-remote-requests=yes cache-max-ttl=3d servers=1XXXXXXXX
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec identity
add auth-method=eap-radius certificate=sslcert-autogen_2024-09-06T07:44:00Z \
    generate-policy=port-strict mode-config=ike2-conf peer=ike2 \
    policy-template-group=ike2-policies
/ip ipsec policy
add dst-address=XXXXXXXX group=ike2-policies proposal=ike2 \
    src-address=XXXXXXXX template=yes
/ip route
add disabled=no distance=1 dst-address=XXXXXXXX gateway=XXXXXXXX \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl certificate=*5
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 address
add address=2a02:2f0f:312::2/48 advertise=no interface=*11
/ipv6 firewall filter
add action=accept chain=input comment="accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/10
add action=accept chain=input comment="accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="accept all that matches ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=input comment="allow wireguard VPN (12321/udp)" \
    dst-port=13231 in-interface-list=WAN protocol=udp
add action=drop chain=input comment=\
    "drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment=\
    "accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop packets with bad src ipv6" \
    src-address-list=bad_ipv6
add action=drop chain=forward comment="drop packets with bad dst ipv6" \
    dst-address-list=bad_ipv6
add action=drop chain=forward comment="rfc4890 drop hop-limit=1" hop-limit=\
    equal:1 protocol=icmpv6
add action=accept chain=forward comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="accept HIP" protocol=139
add action=accept chain=forward comment="accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=forward comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment=\
    "accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Bucharest
/system logging
set 0 action=disk
add topics=ipsec,!debug
add disabled=yes topics=wireguard,!debug
/system note
set show-at-login=no
/system resource irq rps
set sfp-sfpplus1 disabled=no
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/user-manager
set certificate=sslcert-autogen_2024-09-06T07:44:00Z enabled=yes \
    require-message-auth=no
/user-manager router
add address=127.0.0.1 comment=localhost name=local
Last edited by mendark on Thu Sep 26, 2024 9:31 am, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:22 pm

@pe1chl
Did you also upgrade FW on that device ?
I've seen a similar report, I think, which was solved when fw was upgraded.
I had not, and now that I have upgraded it (from 7.15.3 to 7.16) the red warning indeed disappears. Thanks for the hint.
What remains confusing is that in the log it says "ether5 detected poe-out status: wait_for_load" which is fine, but in the ethernet interface table it still says "short circuit". For an open port is shows "wait for load" and for 803.af/at PoE that should also be the status when a non-PoE device is connected.
(I can understand that it can detect short circuit and display that when the PoE is "forced on" for passive PoE but a short circuit is detected)

Maybe in addition to "off", "auto on" and "forced on" there should be a "802.3af/at" mode where it strictly uses that protocol and is not worried about shorts.
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.16 [stable] is released!

Wed Sep 25, 2024 11:29 pm

I'm seeing several complains related to certificate.

Issues with NTP and correct time is crossing my mind as possible cause to that.
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 12:51 am

Router - RB4011iGS+

I have two entries for DHCPv6 client in my settings: active and disabled.
/ipv6 dhcp-client add add-default-route=yes interface=IP-Maxnet-VLAN-130 pool-name=ipv6-maxnet pool-prefix-length=66 rapid-commit=no request=address,prefix use-interface-duid=yes use-peer-dns=no
/ipv6 dhcp-client add add-default-route=yes disabled=yes interface=IP-Triolan-VLAN-131 pool-name=ipv6-triolan pool-prefix-length=66 rapid-commit=no request=prefix use-interface-duid=yes use-peer-dns=no
Before ROS 7.16 these two entries did not interfere with each other and everything worked.
With the upgrade to ROS 7.16, trying to enter the IPv6-DHCP Client menu results in an error:
- this menu item appears empty
- an error appears in the logs that there cannot be two pools with the same name.

Attempting to export IPv6 settings to a text file saves an error in the result file:
#error exporting "/ipv6/dhcp-client" (timeout)
Rollback to 7.15.3 restores functionality.
Deleting the “disabled” DHCPv6 client entry and upgrading to 7.16 - the system works fine.

I had the same issue with hAP ac^3 except that both DHCPv6-client are in use.
Upgrade from 7.13 -> 7.16, in the end doing downgrade to 7.15.3 solved the issue.

Running print or export give timeout like yours, also the error of duplicated name for the pool.
One of DHCPv6-client keep searching and when obtain a prefix give that error of "two pool with same name" while the other one has already obtained a prefix.
#error exporting "/ipv6/dhcp-client" (timeout)

failed to add ipv6 pool ipv6-pool: two pools cannot have the same name! (6)

I opened a ticket with support and attached a supout, let's see what happens :)
 
deejaysanoj
just joined
Posts: 3
Joined: Fri Apr 14, 2023 7:38 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 1:57 am

interesting seems working fine, il feedback later on if i notice some errors with this new update :)
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 6:56 am

MVRP seems to work much better (7.15.3 had some problems with certains ports not joining vlans properly)
i spoke too soon, MVRP still does not correctly distribute vlan ids from a port's pvid. opened SUP-166289 for this.
 
Reinis
MikroTik Support
MikroTik Support
Posts: 92
Joined: Wed Jan 02, 2019 12:14 pm
Location: Latvia
Contact:

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 7:11 am

I had not, and now that I have upgraded it (from 7.15.3 to 7.16) the red warning indeed disappears. Thanks for the hint.
What remains confusing is that in the log it says "ether5 detected poe-out status: wait_for_load" which is fine, but in the ethernet interface table it still says "short circuit". For an open port is shows "wait for load" and for 803.af/at PoE that should also be the status when a non-PoE device is connected.
(I can understand that it can detect short circuit and display that when the PoE is "forced on" for passive PoE but a short circuit is detected)

Maybe in addition to "off", "auto on" and "forced on" there should be a "802.3af/at" mode where it strictly uses that protocol and is not worried about shorts.
In this case WinBox visually outputs "short-circuit" warning only after PoE FW upgrade, where upgrade is automatic on boot if versions differ. On next boot, the warning will disappear. We will try to fix it in upcoming releases, but this is an visual issue only.

Regarding "wrong detection of short-circuit on non-poe PD's", it is not wrong as it's simply a measurement issue. Resistance-detection measurement results show really low resistance that cannot be differenced from a real short-circuit. If you don't want port to perform resistance-detection, turn off PoE on it.
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 8:13 am

@mendark
This is my configuration:
I didn't see anything strange in your configuration, except for this line:
/interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
Why do you need it?
 
mendark
just joined
Posts: 1
Joined: Tue Feb 18, 2014 11:53 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 8:16 am

@mendark
This is my configuration:
I didn't see anything strange in your configuration, except for this line:
/interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
Why do you need it?
I didn't need that option, maybe was activated when i upgrade to v7.16
I will test and i will return with an answer.

L.E. I tested and now working. After i set: /interface bridge settings set use-ip-firewall=no everything woriking.
Thanks for your help
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:04 am

I had not, and now that I have upgraded it (from 7.15.3 to 7.16) the red warning indeed disappears. Thanks for the hint.
What remains confusing is that in the log it says "ether5 detected poe-out status: wait_for_load" which is fine, but in the ethernet interface table it still says "short circuit". For an open port is shows "wait for load" and for 803.af/at PoE that should also be the status when a non-PoE device is connected.
(I can understand that it can detect short circuit and display that when the PoE is "forced on" for passive PoE but a short circuit is detected)

Maybe in addition to "off", "auto on" and "forced on" there should be a "802.3af/at" mode where it strictly uses that protocol and is not worried about shorts.
In this case WinBox visually outputs "short-circuit" warning only after PoE FW upgrade, where upgrade is automatic on boot if versions differ. On next boot, the warning will disappear. We will try to fix it in upcoming releases, but this is an visual issue only.
Ok thanks. But please also explain if "short circuit" is an undesirable condition for the router, or if it can just be in that state forever without any risk of damage, overheating, etc.
Regarding "wrong detection of short-circuit on non-poe PD's", it is not wrong as it's simply a measurement issue. Resistance-detection measurement results show really low resistance that cannot be differenced from a real short-circuit. If you don't want port to perform resistance-detection, turn off PoE on it.
Please also read my post above: we use PoE out on "user ports" where either a PC or a VoIP phone (with through connection to PC) is connected. It is not convenient to have to configure the port differently for the different usages.
And on any industrial standard PoE switch that is not required at all! You just have 802.3af/at PoE enabled on all ports (by default) and you can plugin any device. The status of the PoE will either be "delivering" or "searching". When there is a low resistance it does not satisfy the 802.3af/at conditions and the status remains "searching" (or "wait for load" or whatever you want to call it).
As I understand that it is different for "passive PoE" (where you just need to try to deliver power and shut off when there is a short circuit to protect your equipment), I suggest (as above) to have a separate 802.3af/at mode where it does not even try to detect short circuit when it does not detect the correct resistance of an 802.3af/at device, just like everyone else does.
 
mendark
just joined
Posts: 1
Joined: Tue Feb 18, 2014 11:53 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:35 am

Another problem that i noticed is, i cannot ping any ip in C class, like: 10.x.x.x, even if i ping from router. i take timed out.
Can anyone observer this? Or have this situation?

Thank you

L.E. I found problem, i have in address list (blocked) all 10.0.0.0/8 ip class, and that was mistake
Last edited by mendark on Thu Sep 26, 2024 12:56 pm, edited 1 time in total.
 
david99
just joined
Posts: 1
Joined: Tue Jan 24, 2017 8:52 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:40 am

Hi All,

For me 7.16 is not working correctly. I have:

1x CCR1009
2x cap ax

After upgrade my router - CCR1009 will start to be unreachable intermittently, few pings are ok then few ping are time out and this repeats. I discovered when I power off both cap ax devices then router is running stable. So downgraded router back to 7.15.3 powered on cap ax devices and router is still unreachable intermittently. After downgrade of one cap ax to 7.15.3 and running it together with router everything is stable, then plugging in also second cap ax with 7.16 and router is again unreachable. After downgrade also second cap ax to 7.15.3 everything is back to normal. So for me this firmware in combination with ccr1009 and cap ax devices is not working well. I'm using capsman for wifi configuration. I was upgrading initially from 7.15.3. Would appreciate if anybody could help me find clue what is happening.

Thanks,

David
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:43 am

@mendark
Another problem that i noticed is, i cannot ping any ip in C class, like: 10.x.x.x, even if i ping from router. i take timed out.
I don't think your question is specifically about ROS 7.16. Create a separate thread for your question. And attach the full text version of your configuration to your post there. I mean - do not hide IP addresses of internal subnets, pools and gateways. Otherwise, it's not clear what you have and where it should be directed.
 
mendark
just joined
Posts: 1
Joined: Tue Feb 18, 2014 11:53 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:45 am

@mendark
Another problem that i noticed is, i cannot ping any ip in C class, like: 10.x.x.x, even if i ping from router. i take timed out.
I don't think your question is specifically about ROS 7.16. Create a separate thread for your question. And attach the full text version of your configuration to your post there. I mean - do not hide IP addresses of internal subnets, pools and gateways. Otherwise, it's not clear what you have and where it should be directed.
Ok, i understand.
Thank you
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:50 am

@david99
Would appreciate if anybody could help me find clue what is happening.
Without knowing what you have and how it's set up, it's impossible to advise anything. Please attach a text version of your configurations. At the same time - remove “critical” information from these files before publishing them on the forum: serial numbers, external IP addresses and gateways, etc.
/export file=file_name
 
jhbarrantes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Wed Aug 21, 2019 2:56 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 10:57 am

I found 7.16 duplicating RIP routes. Shall I open a ticket to support?. When disabling RIP, the route is still there as dynamic but unreacheable.
/routing rip instance
add afi=ipv4 disabled=no name=rip
/routing rip interface-template
add disabled=no instance=rip interfaces=vlan-voip mode=passive
/ip dhcp-client
add add-default-route=no interface=vlan-voip use-peer-dns=no use-peer-ntp=no
rip-duplicated-route.png

Thanks.
You do not have the required permissions to view the files attached to this post.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:05 am

"free-hdd-space" shrinked by ~50kb on "cAP ac":

7.15.3: 780KiB
7.16: 736KiB
Unsure why, my Chateau (D53G-5HacD2HnD) got hit differently:

7.15.3: 712.0KiB
7.16: 632.0KiB
 
foraster
newbie
Posts: 29
Joined: Tue Oct 01, 2019 5:31 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:30 am

Experiencing lots of reboots (up to every 2-30 minutes) on a HAP AC2 working as a wireless trunk between two segments of the network, upgraded to v7.16, on logs I only get the "possible power outage" message.

Power supply has not failed before...

Similar devices with wired ethernet trunk connections are fine.

Downgraded the HAP AC2 and after a couple of hours no reboot has happened...
 
User avatar
Kanzler
Member Candidate
Member Candidate
Posts: 135
Joined: Wed Oct 05, 2022 6:55 pm
Location: Ukraine

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:33 am

You need to send supout.rif to support
 
CGGXANNX
Member Candidate
Member Candidate
Posts: 232
Joined: Thu Dec 21, 2023 6:45 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:44 am

Experiencing lots of reboots (up to every 2-30 minutes) on a HAP AC2 working as a wireless trunk between two segments of the network, upgraded to v7.16, on logs I only get the "possible power outage" message.

Power supply has not failed before...

Similar devices with wired ethernet trunk connections are fine.

Downgraded the HAP AC2 and after a couple of hours no reboot has happened...

Did you also upgrade the firmware (under System -> RouterBOARD, and then reboot). The hAP ac² has a IPQ-4018 CPU and according to the changelog, a firmware upgrade is required for IPQ-40xx

*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
 
david99
just joined
Posts: 1
Joined: Tue Jan 24, 2017 8:52 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 12:26 pm

@david99
Would appreciate if anybody could help me find clue what is happening.
Without knowing what you have and how it's set up, it's impossible to advise anything. Please attach a text version of your configurations. At the same time - remove “critical” information from these files before publishing them on the forum: serial numbers, external IP addresses and gateways, etc.
/export file=file_name
Thank you I'm attaching configs from router and from one of the capax. Thank for help.
You do not have the required permissions to view the files attached to this post.
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 12:42 pm

@david99
First: on wireless access points, configure the DHCP client correctly. The device to get the IP address is not ether1, but your bridge.
Second, figure out the VLANs on the router. Which ports on the router you have wireless access points connected to and which VLANs should be forwarded there through the router's bridge.
 
woodych
just joined
Posts: 19
Joined: Fri Nov 12, 2021 7:09 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 12:48 pm

I wonder, as there are some hints about this in the release notes.

Is Bridge IGMP/MLD snooping when using VLAN working now?

It was broken until 7.15.1, especially when using IPv6, multicast packets got dropped by the bridge breaking RA and IPv6 autoconfiguration.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 1:33 pm

Did you also upgrade the firmware (under System -> RouterBOARD, and then reboot). The hAP ac² has a IPQ-4018 CPU and according to the changelog, a firmware upgrade is required for IPQ-40xx

*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
Sure, but Etherboot is used for Netinstall. I don't see how it could affect normal operation. But of course, it is a Mikrotik changelog, I agree: there may sneaked some other change into firmware which is necessary for 7.16 to operate normal. So every time one spots a "*) routerboard" changelog-line: UPGRADE regardless of what is written afterwards.
 
vitaly2016
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Jan 20, 2016 9:26 am
Location: Ukraine

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 1:54 pm

/ip/dns/set mdns-repeat-ifaces=bridge,vlan-iot

and I'm happy! Dead simple... Thanks!
I can't make my RB3011's mdns Repeater to work.
I have 2 network:
bridge-local (192.168.10.0/24) for my PC and other things and
vlan20 (192.168.20.0/24) for my iot devices
Before this v7.16 release I can't access my iot devices (ESPHome in HomeAssistant)
by their ".local" names from my PC. But direct access by IOT device's IP address worked good.
And now I set two my interfaces in mDNS Repeater following your example.
But I can't access for example bluetooth-tracker-kitchen.local from main network.
May I ask how did your made your vlan-iot network? Is vlan-iot just VLAN interface or is this a separate bridge?
 
ToTheFull
Member
Member
Posts: 402
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 2:14 pm

STABLE IS IT!
09:19:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -65
09:19:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:20:47 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:25:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:25:20 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:32:15 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -84
09:32:19 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -86
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:43:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:43:16 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 connected, signal strength -54
09:45:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -63
09:45:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:11 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
09:46:35 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:38 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -81
09:47:15 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:47:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -82
09:47:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
09:53:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -53
09:53:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -58
10:03:46 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -48
10:03:49 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:10:55 wireless,info 0A:BA:D7:A3:E6:19@wifi1 disconnected, connection lost, signal strength -56
10:11:11 wireless,info 0A:BA:D7:A3:E6:19@wifi1 connected, signal strength -58
10:13:56 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -52
10:13:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:24:00 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -54
10:24:04 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -59
10:34:09 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:34:12 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:44:19 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:44:21 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:54:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:54:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
10:57:50 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:57:51 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
11:09:07 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
11:09:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:12:14 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:12:32 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:26:51 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:26:53 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:36:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:36:31 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:39:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:39:26 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:44:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:44:41 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:52:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
11:52:30 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -52
12:02:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
12:02:41 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
REALLY!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 2:27 pm

I wonder, as there are some hints about this in the release notes.

Is Bridge IGMP/MLD snooping when using VLAN working now?

It was broken until 7.15.1, especially when using IPv6, multicast packets got dropped by the bridge breaking RA and IPv6 autoconfiguration.
Indeed I had issues with that, but currently with 7.16 all works fine.
 
User avatar
mrbyte
just joined
Posts: 13
Joined: Mon Jun 03, 2024 1:29 am
Location: Tarragona

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 2:30 pm

Thanks @ToTheFull, on my hAP EX2 I had the same problem from v.15.x onwards.
I will stay with v.14.3.

Regards.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 2:38 pm

It was broken until 7.15.1, especially when using IPv6, multicast packets got dropped by the bridge breaking RA and IPv6 autoconfiguration.
this is broken since forever.
The workaround is to create static mdb entries for well-known ipv6 multicast groups: https://help.mikrotik.com/docs/pages/vi ... d=59277403 (scroll to the bottom).
 
david99
just joined
Posts: 1
Joined: Tue Jan 24, 2017 8:52 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 2:47 pm

@david99
First: on wireless access points, configure the DHCP client correctly. The device to get the IP address is not ether1, but your bridge.
Second, figure out the VLANs on the router. Which ports on the router you have wireless access points connected to and which VLANs should be forwarded there through the router's bridge.
Ok I will reconfigure dhcp client on APs thank you. for the VLANs they are not in use currently but before they were working. I could potentialy remove them at all but do you think those could cause this issue? Basically Vlans were configured to the same port by which router is connected to switch so the same port is also for APs connection. Before it was working without issue.

David
 
nmt1900
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Feb 01, 2017 12:36 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 3:36 pm

Strange problem seem to be appeared after upgrade - CAPs are unable to connect to CAPsMAN over CAPsMAN's IPv6 link-local address, while other services (like DNS and NTP) are available to CAPs over the same address. Logging in firewall shows that other traffic from CAPs link-local addresses is visible to firewall, while CAPWAP traffic is not. It looks like CAP is unable send requests out to that address.

Neighbour discovery over same address works OK as well.
 
foraster
newbie
Posts: 29
Joined: Tue Oct 01, 2019 5:31 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 3:59 pm


Did you also upgrade the firmware (under System -> RouterBOARD, and then reboot). The hAP ac² has a IPQ-4018 CPU and according to the changelog, a firmware upgrade is required for IPQ-40xx

*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
Yes I did upgrade the firmware, but had to downgrade till I have some more time to diagnose if it is a a bad power supply or if the v7.16 is demanding more power han before...
 
iwikus
newbie
Posts: 35
Joined: Sat Jun 16, 2007 9:55 am

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 4:01 pm

certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
More info on this? Any doc?
 
dag
just joined
Posts: 2
Joined: Mon Dec 16, 2019 8:48 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 4:06 pm

Quick report: on CRS310
ingress-filtering=no
on a bridge interface does not work anymore after an upgrade to 7.16, VLAN filtering seems to be enforced anyway (which is a problem for stuff like FTTx that often comes with funky VLANs dictated by ISPs who don't seem to care too much about RFCs).

I only tested this with the CRS310, this may or may not impact other devices, I have a couple RBs and CCRs as well, I'll test them when I have a minute.

Reverted back to 7.15.3, it works just fine.
Last edited by dag on Thu Sep 26, 2024 4:41 pm, edited 4 times in total.
 
victorbayas
just joined
Posts: 16
Joined: Wed Aug 07, 2024 1:56 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 4:13 pm

Tested reselect-interval again on my AX3, it works great without disconnecting clients only when it chooses non DFS channels. Otherwise the interface goes down for CAC (if you have 802.11k/v/r with the same SSID for both bands it shouldn’t be noticeable).

I left it enabled for 2.4GHz with auto channel and manual DFS channel for 5GHz.

Who knows if MikroTik WiFi 7 APs will have a dedicated radio for zero wait DFS, then it makes sense for them to add the feature.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 4:42 pm

STABLE IS IT!
09:19:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -65
09:19:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:20:47 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:25:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:25:20 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:32:15 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -84
09:32:19 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -86
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:43:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:43:16 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 connected, signal strength -54
09:45:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -63
09:45:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:11 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
09:46:35 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:38 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -81
09:47:15 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:47:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -82
09:47:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
09:53:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -53
09:53:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -58
10:03:46 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -48
10:03:49 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:10:55 wireless,info 0A:BA:D7:A3:E6:19@wifi1 disconnected, connection lost, signal strength -56
10:11:11 wireless,info 0A:BA:D7:A3:E6:19@wifi1 connected, signal strength -58
10:13:56 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -52
10:13:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:24:00 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -54
10:24:04 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -59
10:34:09 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:34:12 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:44:19 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:44:21 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:54:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:54:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
10:57:50 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:57:51 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
11:09:07 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
11:09:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:12:14 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:12:32 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:26:51 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:26:53 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:36:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:36:31 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:39:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:39:26 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:44:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:44:41 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:52:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
11:52:30 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -52
12:02:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
12:02:41 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
REALLY!

How many AP's do u have?
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1480
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 5:04 pm

Well... No wonder you got disconnected... That signal strength is sh*t...
 
toxicfusion
Member
Member
Posts: 324
Joined: Mon Jan 14, 2013 6:02 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 5:19 pm

STABLE IS IT!
09:19:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -65
09:19:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:20:47 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:25:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:25:20 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
09:26:27 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:29:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:32:15 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -84
09:32:19 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -86
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:35:16 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:39:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:43:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
09:43:16 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 connected, signal strength -54
09:45:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -63
09:45:29 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:11 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:46:34 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
09:46:35 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
09:46:38 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -81
09:47:15 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
09:47:16 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -82
09:47:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
09:53:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -53
09:53:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -58
10:03:46 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -48
10:03:49 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:10:55 wireless,info 0A:BA:D7:A3:E6:19@wifi1 disconnected, connection lost, signal strength -56
10:11:11 wireless,info 0A:BA:D7:A3:E6:19@wifi1 connected, signal strength -58
10:13:56 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -52
10:13:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:24:00 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -54
10:24:04 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -59
10:34:09 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:34:12 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:44:19 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:44:21 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -57
10:54:29 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
10:54:38 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
10:57:50 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -49
10:57:51 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
10:59:01 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
11:09:07 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
11:09:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:12:14 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:12:32 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:14:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:17:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, connection lost, signal strength -83
11:20:40 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:26:51 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:26:53 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:30:23 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:34:22 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:36:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -80
11:36:31 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:39:19 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:39:26 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:41:28 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84
11:44:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:44:41 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -83
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -81
11:47:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82
11:50:07 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -82
11:52:30 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -83
11:52:30 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -52
12:02:40 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 disconnected, SA Query timeout, signal strength -51
12:02:41 wireless,info 6C:A1:00:23:77:DE@cap-wifi2 connected, signal strength -56
REALLY!
Same issues here for a customer. Not acceptable, been same since 7.15.3, etc. We're starting to move to another WiFi vendor.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 5:45 pm

certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
More info on this? Any doc?
It's about LetsEncrypt certificate using DNS-01 challenge (https://letsencrypt.org/docs/challenge- ... -challenge) - implemented only for sn.mynetname.net. That's probably why the named it "type=cloud-dns". Maybe one day ROS supports DNS-01 for other domains as well ("type=dns-01" most probably then).

You do not need a public facing HTTP server on port 80 for the .well-known challenge.

To create a certificate for the "your-device-serial.sn.mynetname.net" you just need this:
/certificate/enable-ssl-certificate type=cloud-dns
This is pretty cool. Good job, Mikrotik!
 
seriquiti
newbie
Posts: 25
Joined: Wed May 11, 2022 12:55 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 6:13 pm

Well... No wonder you got disconnected... That signal strength is sh*t...
He is refering to SA query timeouts, and signal strength is not sh*t. He is getting that with signal stronger than -65.

Getting the same issues on my AX2 - went back to 7.14.3 when this wasn't happening.
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1480
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 6:16 pm

After switching to WPA2 only I don't have any problems with that. Connection is much more stable now.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 6:27 pm

Yeah, I am also getting alot of disconnects with good signal at a clients location using 7.15.3 with 3 ax AP's, I cant seeem to replcate the issue in lab using same config and connected devices roam as they should, could be some interference somewhere at clients location. I will turn down the AP TX power tonight to see if issue goes away
 
ToTheFull
Member
Member
Posts: 402
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 9:12 pm

Well... No wonder you got disconnected... That signal strength is sh*t...
You might want to look a little harder!
 
ToTheFull
Member
Member
Posts: 402
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 9:15 pm

How many AP's do u have?
Just the 2 AP's you can see the Laptop trying all of the Radios it's allowed on with the same SSID so 3 Choices
 
mustang1986
just joined
Posts: 1
Joined: Wed May 31, 2023 9:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 9:40 pm

7.16 solve it wifi-qcom-ac memory leak?
I don't see any memory leak.
It`s ok? No memory leak?
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:10 pm

Give it a try.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Sep 26, 2024 11:54 pm

*) console - added "about" filters for "find" and "print where" commands;
How does this about parameter work? Can't figure it out. Docs unavailable.
 
SMARTNETTT
just joined
Posts: 22
Joined: Mon Feb 11, 2019 9:07 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 12:11 am

32 routers x86 and 270 client actualized now all fine
only static dns lose but we put agen and all fine
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 12:50 am

Not directly related to 7.16, but of my interest:
What's new in 7.14beta7 (2024-Jan-15 11:37):

*) sms - moved LTE SMS read settings from "/tool/sms" to "/interface/lte" menu and migrate old configuration (CLI only);
There was a changelog item in 7.14beta7 that did not appear in changelog of 7.14 stable. I dont know what happened to that change. A remaining hint is an option called "sms-read" in /interface/lte. And I dont know what it does or what it is used for. Mikrotik, can you elaborate on this?
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 1:57 am

Experiencing lots of reboots (up to every 2-30 minutes) on a HAP AC2 working as a wireless trunk between two segments of the network, upgraded to v7.16, on logs I only get the "possible power outage" message.
i'm also seeing this on a hAP ac2 acting as CAP (wifi-qcom-ac, 5GHz only, Ceee).
2024-09-26 12:57:13 system,error,critical router rebooted without proper shutdown, probably power outage
2024-09-26 12:58:23 system,clock,critical,info ntp change time Sep/26/2024 12:57:50 => Sep/26/2024 12:58:23
2024-09-26 12:58:24 system,error,critical router rebooted without proper shutdown, probably power outage
2024-09-26 13:03:03 system,clock,critical,info ntp change time Sep/26/2024 12:59:01 => Sep/26/2024 13:03:03
2024-09-26 13:03:05 system,error,critical router rebooted without proper shutdown, probably power outage
2024-09-26 13:07:11 system,clock,critical,info ntp change time Sep/26/2024 13:03:41 => Sep/26/2024 13:07:11
2024-09-26 13:07:13 system,error,critical router rebooted without proper shutdown, probably power outage
2024-09-26 13:11:39 system,clock,critical,info ntp change time Sep/26/2024 13:07:51 => Sep/26/2024 13:11:39
user reported the problem occurred while downloading from Steam, during idle periods it seems stable. i'll do some more testing and see if downgrading fixes it but i guess this will be a new support request.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 2:05 am

powered by power supply or Poe?
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 2:06 am

powered by power supply or Poe?
PoE from a 4011.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 2:17 am

Maybe device needs more power on load which 4011 can't provide?
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 2:28 am

Maybe device needs more power on load which 4011 can't provide?
well, it was perfectly stable under 7.15.3, the only change i made recently was upgrading it to 7.16. but as i say i'll do some more testing later today (when users went to sleep) and we'll see.
 
Kernal87
just joined
Posts: 2
Joined: Mon Mar 29, 2021 6:55 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 2:42 am

Hi

We have updated all routers to 7.16 since Wednesday.
Now we have the problem that the routers hang up after a while and no longer allow connections. The only thing that helps is a restart.
Both CHR version and hardware such as RB5009UPr+S+.

Does anyone have the same problem?
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 3:49 am

well, it was perfectly stable under 7.15.3, the only change i made recently was upgrading it to 7.16. but as i say i'll do some more testing later today (when users went to sleep) and we'll see.
i was able to reproduce the problem with iperf3: under wireless load (~500Mbps) the device would reboot every few minutes. downgrading to 7.15.3 fixed the problem.

reported as SUP-166456.
 
SystemErrorMessage
Member
Member
Posts: 390
Joined: Sat Dec 22, 2012 9:04 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 4:51 am

i submitted the supout for 7.15 and 7.16 to mikrotik support, its been a few days already and not heard anything back.
Right now its really unusuable when it keeps rebooting frequently not due to load or anything strenuous.
 
hasmidzul
just joined
Posts: 2
Joined: Tue Jun 06, 2023 8:45 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 5:07 am

Are dns adlists still loaded to flash or already loaded to ram on this 7.16?
 
Reinis
MikroTik Support
MikroTik Support
Posts: 92
Joined: Wed Jan 02, 2019 12:14 pm
Location: Latvia
Contact:

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 6:44 am

Ok thanks. But please also explain if "short circuit" is an undesirable condition for the router, or if it can just be in that state forever without any risk of damage, overheating, etc.
I understand that the name gives an idea, that something is wrong, but that is literally what it is. Any resistance detection device would show exactly the same. It can just be in that state forever without any risk of damage, overheating, etc.

Please also read my post above: we use PoE out on "user ports" where either a PC or a VoIP phone (with through connection to PC) is connected. It is not convenient to have to configure the port differently for the different usages.
There is no need for poe-out to be turned off, suggestion simply implied "hides status that I don't like".

And on any industrial standard PoE switch that is not required at all! You just have 802.3af/at PoE enabled on all ports (by default) and you can plugin any device. The status of the PoE will either be "delivering" or "searching". When there is a low resistance it does not satisfy the 802.3af/at conditions and the status remains "searching" (or "wait for load" or whatever you want to call it).
As I understand that it is different for "passive PoE" (where you just need to try to deliver power and shut off when there is a short circuit to protect your equipment), I suggest (as above) to have a separate 802.3af/at mode where it does not even try to detect short circuit when it does not detect the correct resistance of an 802.3af/at device, just like everyone else does.
Just because other vendors hide the state, does not mean they don't measure the same. Hook up oscilloscope to any vendor PSE and you will see that detection is ran always, otherwise it is impossible for PSE to know -> now turn on the power. For non-pd safety, resistance-detection is done with up to 10.1V and has a very small current-limit. Any PSE evaluation board would show you "short-circuit" against non-poe-devices in their resistance detection register, because as I mentioned, that is literally what physically is measured. What other vendors do is simply hide it, most likely checks that PoE-Out was not enabled, L2 link is on -> no-pd capable device connected, or something like that

I agree that there is a room for improvement and we will be working on it. But all of it is just a "visual trick" and nothing else.
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 7:09 am


More info on this? Any doc?
It's about LetsEncrypt certificate using DNS-01 challenge (https://letsencrypt.org/docs/challenge- ... -challenge) - implemented only for sn.mynetname.net. That's probably why the named it "type=cloud-dns". Maybe one day ROS supports DNS-01 for other domains as well ("type=dns-01" most probably then).

You do not need a public facing HTTP server on port 80 for the .well-known challenge.

To create a certificate for the "your-device-serial.sn.mynetname.net" you just need this:
/certificate/enable-ssl-certificate type=cloud-dns
This is pretty cool. Good job, Mikrotik!
DNS-01 support for LE would be amazing. I’m not punching holes for port 80 from the world to internal gear but I already use DNS-01 to handle internal certificates for k8s. This is definitely the right path forward.
 
akelsey
just joined
Posts: 6
Joined: Wed Jul 22, 2015 9:37 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 8:22 am

Removed. Not related to firmware.
Last edited by akelsey on Sat Sep 28, 2024 11:14 pm, edited 1 time in total.
 
User avatar
marsbeetle
newbie
Posts: 48
Joined: Sun Feb 19, 2023 9:57 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 9:21 am

Well... No wonder you got disconnected... That signal strength is sh*t...
Wifi signal strength is certainly affected (again) with 7.16. A lot of my home automation lights on 2.4ghz lost connectivity after the upgrade to 7.16 - after downgrade to 7.15.3 they are all connecting fine again. I recall when AX3 was launched all the complaints with weak wifi signal but Mikrotik in their usual denial said it was a configuration issue. Then around 7.13 they updated the driver and suddenly signal strength was much better. Up to 7.15.x signal strength has been fine but with 7.16 it seems this has changed once again. Crazy inconsistency with updates.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 9:36 am

powered by power supply or Poe?
PoE from a 4011.
Updated device FW as well to 7.16 ?
Already 2 users with POE issues which were solved after performing FW upgrade as well.
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 10:10 am

Updated device FW as well to 7.16 ?
Already 2 users with POE issues which were solved after performing FW upgrade as well.
yes. i don't usually upgrade firmware but i noticed some firmware-related PoE issues with 7.16, so i upgraded firmware on both hAP ac2 and RB4011 to current 7.16. the problem still occurred.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 10:35 am

Ok thanks. But please also explain if "short circuit" is an undesirable condition for the router, or if it can just be in that state forever without any risk of damage, overheating, etc.
I understand that the name gives an idea, that something is wrong, but that is literally what it is. Any resistance detection device would show exactly the same. It can just be in that state forever without any risk of damage, overheating, etc.
Ok thanks for that info (and the other things in the reply)! I will keep the ports on "auto on", I was only worried that it would be trying to put "passive PoE" on the port and detect the short circuit, possibly damaging something.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 10:53 am

Hi

We have updated all routers to 7.16 since Wednesday.
Now we have the problem that the routers hang up after a while and no longer allow connections. The only thing that helps is a restart.
Both CHR version and hardware such as RB5009UPr+S+.

Does anyone have the same problem?
No, don't have that problem. Routers (and memory usage) are stable.
These reports are not very useful when there is no information at all about how the routers are used.
Suspect areas include the DNS resolver. Remove your "adlist", "doh" configuration, set a reasonable cache size (for the device memory) and see if it still occurs.
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 10:59 am

Hi,

Some of these 3 changes (I would discard the DPD) is making after a while, several polycy stop working between a remote hexs and L009.

The polycy is "established" but traffic stops passing to the tunnel, with a Disable/enable of the Policy everything works again ....

I have not suffered this in any 7.x.x. It is clearly a problem introduced in this version.

*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;
*) ipsec - changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
*) ipsec - improved installed SA statistics update;

I just opened a support ticket, with 2 supout files, before and after enable/disable the policy manually.

Regards,
Last edited by wispmikrotik on Fri Sep 27, 2024 11:16 am, edited 2 times in total.
 
User avatar
woland
Member
Member
Posts: 309
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 11:05 am

With my new Laptop and after upgrading my CAPax to 7.16, WIFI became unusable. It´s probably my new chipset being Intel 6E AX211. Signal is perfect, but lots of SA Query Timeouts.
I read the forum quite often, so I know I would probably need to go back to WPA2. But it´s 2024 and I don´t understand why I would need to do that. With other vendors, including my other setups built with TP Link Omadas, everything is working perfectly and I can just forget the installed APs apart from running updates sometimes. Currently using MT WIFI is an adventure to unfold, instead of a quiet ride, as it should be.
 
woodych
just joined
Posts: 19
Joined: Fri Nov 12, 2021 7:09 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 11:17 am

CRS210 Switch Menue broken via WebFIG?

It looks like one the ACL and FDBs menues work after the upgrade. The ones regarding VLAN don't.

Also IGMP snooping only seems to be active on vlan 0, not on all vlan in use.

https://wiki.mikrotik.com/wiki/Manual:I ... Offloading Ok, that is a chip hardware limitation I guess.
 
User avatar
utiker
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Tue Jul 11, 2023 9:52 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 11:35 am

Yesterday I updated my hAP ac3, then my ATL. Since then, I can't connect to the ATL at all:

viewtopic.php?p=1099724

I really hope someone can help.
This is a critical situation and quite strange for a stable release.
 
User avatar
mantouboji
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Aug 01, 2022 2:21 pm
Location: Shanghai

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 3:10 pm


More info on this? Any doc?
This is pretty cool. Good job, Mikrotik!
Wait for RFC-2136 support
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 173
Joined: Mon Oct 16, 2023 3:09 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 4:44 pm

Updated both ROS and firmware version to 7.16 on: hAP ac^2 (x2), Audience, hAP ax^3. All international versions.

Uptime on hAP ax^3 is 17 hours; so far not seeing any DHCP or DNS issues (although my dhcp-script does auto-add static DNS entries).

My DHCP leases are explicitly bound to the DHCP server and look as follows:

/ip dhcp-server lease
add address=10.X.X.X comment=hostname lease-time=1h mac-address=XX:XX:XX:XX:XX:XX server=default

UPD 02.10.2024: No DHCP or DNS issues manifested on hAP ax^3. Updated ROS & firmware on a remote hAP ac^3. No DHCP or DNS issues either after more than a day of uptime.
Last edited by Nullcaller on Wed Oct 02, 2024 3:15 am, edited 1 time in total.
 
User avatar
robtor
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Sat Dec 09, 2023 3:27 pm
Location: Germany, Hessen
Contact:

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 6:13 pm

dude - fixed map element RouterOS package upgrade functionality;

What does this actually mean? Is it now again possible to upgrade devices with the dude again?
 
iwikus
newbie
Posts: 35
Joined: Sat Jun 16, 2007 9:55 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 7:40 pm

certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
More info on this? Any doc?
I had to find out by myself. Very cool feature, I have written blog post about it https://blog.erben.sk/2024/09/27/mikrot ... e-feature/
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 9:22 pm

Has anyone found out how this "about" filter works?
 
dimm0k
newbie
Posts: 33
Joined: Wed Feb 24, 2016 5:27 pm

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 9:33 pm

I've been using a container called bonjour-reflector to allow casting of devices from one VLAN over to the IoT VLAN prior to the release of ROS 7.16 until I realized that it was this container that was causing WAN degradation on the network for the *nix machines - Linux, Android, even macOS! Anyway, I noticed in the latest release of ROS that there's finally mDNS support and without even adding any interfaces to this list it looks like I'm already able to cast from my phone to some Google devices. My firewall is supposed to be set up so that the management VLAN can reach any device on the network, but not the other way around. Traffic from the IoT VLAN is also dropped if it's going anywhere but it's own network. This is done with the following forward rules
add action=drop chain=forward comment="Drop traffic to vlan99 from non-managem\
ent interfaces contained in non-mgmt interface list" in-interface-list=\
non_mgmt_int out-interface=vlan99
add action=drop chain=forward comment=\
"Drop traffic from vlan29 to vlan199 (main)" in-interface=vlan29 \
out-interface=vlan199
Supposedly with bonjour-reflector it automatically passed traffic from one VLAN to another using it's config so only devices listed would be accessible. With the 7.16 mDNS feature I was under the assumption that interfaces needed to be specified in ip/dns to not only enable this feature but to also specify which interfaces allow this. Am I missing something?
 
chojrak11
Member Candidate
Member Candidate
Posts: 134
Joined: Sun Apr 05, 2009 10:37 am

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 10:28 pm

Wow, the changelog is spectacular, for me working well, thank you Mikrotik!
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 615
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: v7.16 [stable] is released!

Fri Sep 27, 2024 11:24 pm

You can have a couple of .home.arpa records in the DNS and at the end a *.home.arpa$ record with NXDOMAIN.

From the docs:
The server is also capable of resolving DNS requests based on POSIX basic regular expressions so that multiple requests can be matched with the same entry. In case an entry does not conform with DNS naming standards, it is considered a regular expression. The list is ordered and checked from top to bottom. Regular expressions are checked first, then the plain records.

I never tried that, but doesn't that mean all *.home.arpa recrods going to be effectively NXDOMAIN'd?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 4234
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 12:37 am

You can have a couple of .home.arpa records in the DNS and at the end a *.home.arpa$ record with NXDOMAIN.
From the docs:
[...] In case an entry does not conform with DNS naming standards
I never tried that, but doesn't that mean all *.home.arpa recrods going to be effectively NXDOMAIN'd?
Oh the answer is a complex, it depends. But if you have a static entry using .home.arpa it will resolve in my test, unless some regex does some match.

First home.arpa is a valid domain, RFC-8375 covers home.arpa as a special use domain. But per section 8, does resolve via "arpa":
dig soa home.arpa
[...]
home.arpa. 86400 IN SOA HOME.ARPA. . 0 28800 7200 604800 86400
... so you can see how it kinda strange.

To summarize, it's related to mDNS and its unicast cousin DNS-SD, specifically mDNS's Discovery Proxy — a feature Mikrotik's DNS should support. The gory details on home.arpa's usage are in RFC-8766 as an alternative to multicast mDNS lookups. Essentially an OS client resolver makes a normal DNS query to a router that ends in "home.arpa" – instead of making multicast mDNS local up for ".local". The general idea is that home routers "default domain" is actually "home.arpa" in the recent RFCs.
Performing DNS-based Service Discovery using purely Unicast DNS is more efficient and doesn't require large multicast domains [that mDNS discovery would] but does require [...] data be available in the Unicast DNS namespace. The Unicast DNS namespace in question could fall within a traditionally assigned globally unique domain name, or it could be within a private local unicast domain name such as ".home.arpa"

So it's likely some OS with a Bonjour/mDNSResponder/Avanti things TRYING to use the DNS server, to get an mDNS answer, which what the RFCs suggestion a client should do. So it's not unexpected to see the home.arpa domains hit Mikrotik's DNS...

But I don't know why you'd get NXDOMAIN back if there was /ip/dns/static using it....
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 1:14 am

My log is flooding with messages of dns cache full:
 09-28 00:04:07 dns,error cache full, not storing
 09-28 00:04:07 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:09 dns,warning DoH max concurrent queries reached, ignoring query
 09-28 00:04:09 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 09-28 00:04:19 dns,error cache full, not storing
 09-28 00:04:19 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:29 dns,error cache full, not storing
 09-28 00:04:29 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:40 dns,error cache full, not storing
 09-28 00:04:40 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:50 dns,error cache full, not storing
 09-28 00:04:50 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:00 dns,error cache full, not storing
 09-28 00:05:00 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:10 dns,error cache full, not storing
 09-28 00:05:10 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:20 dns,error cache full, not storing
 09-28 00:05:20 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:30 dns,error cache full, not storing
 09-28 00:05:30 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:41 dns,error cache full, not storing
 09-28 00:05:41 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:57 dns,error cache full, not storing
 09-28 00:05:57 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:06:10 dns,error cache full, not storing
I never seen or had this before. But 132 cache entries seem not much. But use up all 2mib of cache? These "cache full" messages I see for several hours now. So it seems the cache entries do not expire or free.
[foo@bar] /ip/dns/cache/all> print count-only 
133
Anyone a clue?

Another finding:

After a
/ip/dns/cache/flush
there are only 12 cache items left:
/ip/dns/cache/all/print count-only 
12
But the cache is still utilized to the full 2048kib.
                   cache-size: 2048KiB
                   cache-used: 2048KiB
And I still get the "cache full" errors.
Holy chick.

And another finding: viewtopic.php?t=209252

And another finding: viewtopic.php?t=208218#p1085660

What's wrong? This cna't be a bug known and reported months ago.
2024-09-28_00-11.png
You do not have the required permissions to view the files attached to this post.
Last edited by infabo on Sat Sep 28, 2024 1:28 am, edited 3 times in total.
 
MrYan
Member Candidate
Member Candidate
Posts: 172
Joined: Sat Feb 27, 2010 6:13 pm

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 1:19 am

Seems there has been a change in behaviour with Netwatch. I have a device in a VRF that used to work with just the IP address defined in the host= parameter. This was due to there being a /routing/rule that forced the destination address to be looked up in the particular VRF (table).

Now that no longer works, I have to specify host=<ip-address>@table for it to change to an up state.

I've verified that I can ping the address from the router and (using /tool/sniffer) that all the src/dst IP and MAC addresses are correct. Not sure why Netwatch seems to be ignoring the /routing/rules?
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 11:48 am

My RouterOS 7.15.3 was upgraded to version 7.16, and DNS functionality encountered issues:

1. Upgraded from version 7.15.3 to 7.16 using the /system package check-for-upgrade by winbox.
2. After the automatic reboot, an autoupgrade was generated, but the DNS dynamic servers were empty. However, both ip-dhcp-client and ipv6-dhcp-client were able to retrieve DNS information.
3. After a manual reboot, the DNS configuration was completely lost, including the "allow remote requests" setting, which was reset to its default (disabled). Manually configured DNS servers were empty, and the dns-static entries were cleared.

A ticket has been submitted, please refer to SUP-166629 for further details.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 11:55 am

My log is flooding with messages of dns cache full:
 09-28 00:04:07 dns,error cache full, not storing
 09-28 00:04:07 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:09 dns,warning DoH max concurrent queries reached, ignoring query
 09-28 00:04:09 dns,warning DoH max concurrent queries reached, ignoring query [ignoring repeated messages]
 09-28 00:04:19 dns,error cache full, not storing
 09-28 00:04:19 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:29 dns,error cache full, not storing
 09-28 00:04:29 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:40 dns,error cache full, not storing
 09-28 00:04:40 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:04:50 dns,error cache full, not storing
 09-28 00:04:50 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:00 dns,error cache full, not storing
 09-28 00:05:00 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:10 dns,error cache full, not storing
 09-28 00:05:10 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:20 dns,error cache full, not storing
 09-28 00:05:20 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:30 dns,error cache full, not storing
 09-28 00:05:30 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:41 dns,error cache full, not storing
 09-28 00:05:41 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:05:57 dns,error cache full, not storing
 09-28 00:05:57 dns,error cache full, not storing [ignoring repeated messages]
 09-28 00:06:10 dns,error cache full, not storing
I never seen or had this before. But 132 cache entries seem not much. But use up all 2mib of cache? These "cache full" messages I see for several hours now. So it seems the cache entries do not expire or free.
[foo@bar] /ip/dns/cache/all> print count-only 
133
Anyone a clue?

Another finding:

After a
/ip/dns/cache/flush
there are only 12 cache items left:
/ip/dns/cache/all/print count-only 
12
But the cache is still utilized to the full 2048kib.
                   cache-size: 2048KiB
                   cache-used: 2048KiB
And I still get the "cache full" errors.
Holy chick.

And another finding: viewtopic.php?t=209252

And another finding: viewtopic.php?t=208218#p1085660

What's wrong? This cna't be a bug known and reported months ago.

2024-09-28_00-11.png
I encountered a similar issue with version 7.15.3, and there is currently no solution available. The only approach you can try is to continuously increase the size of the DNS cache.
If you don’t increase the cache size, once the cache is full, you will experience a range of random DNS issues, including but not limited to:
DNS not responding,DNS service crashes,Loss of dynamic DNS entries, and various other DNS-related problems.

I submitted a ticket back when I was on version 7.15.3, but the investigation from the official support team has not yielded any results yet. The issue is even worse on version 7.16. After upgrading to 7.16, an autosupout.rif file was automatically generated, and after each reboot, all DNS-related configurations are lost.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 12:15 pm

My RouterOS 7.15.3 was upgraded to version 7.16, and DNS functionality encountered issues:

1. Upgraded from version 7.15.3 to 7.16 using the /system package check-for-upgrade by winbox.
2. After the automatic reboot, an autoupgrade was generated, but the DNS dynamic servers were empty. However, both ip-dhcp-client and ipv6-dhcp-client were able to retrieve DNS information.
3. After a manual reboot, the DNS configuration was completely lost, including the "allow remote requests" setting, which was reset to its default (disabled). Manually configured DNS servers were empty, and the dns-static entries were cleared.
When you have behavior like that, the internal filesystem used to store configuration is probably corrupted, e.g. due to the flash having been completely filled at some time. Do a netinstall to recover from that.
Also, it is completely useless to complain about behavior of some subsystem like DNS without at least showing how you configured it.
E.g. I never use DoH and adlist, only have static and sometimes automatic DNS resolver entries, and maybe some static records, and for me it all works fine. But I do increase the default cache size, no idea why it is so small by default, most devices have ample RAM memory.
 
nmt1900
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Feb 01, 2017 12:36 am

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 3:19 pm

...
Another finding:

After a
/ip/dns/cache/flush
there are only 12 cache items left:
/ip/dns/cache/all/print count-only 
12
But the cache is still utilized to the full 2048kib.
                   cache-size: 2048KiB
                   cache-used: 2048KiB
And I still get the "cache full" errors.
Holy chick.

And another finding: viewtopic.php?t=209252

And another finding: viewtopic.php?t=208218#p1085660

What's wrong? This cna't be a bug known and reported months ago.

2024-09-28_00-11.png
Does not sound normal. I have about 1050 cache entries and cache uses about 500 kB of RAM for this...
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 615
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: v7.16 [stable] is released!

Sat Sep 28, 2024 11:12 pm

But I don't know why you'd get NXDOMAIN back if there was /ip/dns/static using it....
If the DNS server run by RouterOS has two /ip/dns/static records (in that order):
  1. nas.home.arpa A 192.168.1.101
  2. *.home.arpa$ NXDOMAIN
Then, per my understanding of the docs, client’s request for nas.home.arpa is going to match [2].

Am i wrong?
Last edited by Kentzo on Sun Sep 29, 2024 11:33 pm, edited 1 time in total.
 
dimm0k
newbie
Posts: 33
Joined: Wed Feb 24, 2016 5:27 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 4:32 am

With not much info on mDNS Repeater Interfaces with ROS 7.16 my assumption is that if there are no interfaces listed then there would be no multicasting available at all, but on my device with no interfaces listed I am still able to see and cast to devices on the IoT VLAN from a different VLAN. am I missing something?
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 8:56 am

My RouterOS 7.15.3 was upgraded to version 7.16, and DNS functionality encountered issues:

1. Upgraded from version 7.15.3 to 7.16 using the /system package check-for-upgrade by winbox.
2. After the automatic reboot, an autoupgrade was generated, but the DNS dynamic servers were empty. However, both ip-dhcp-client and ipv6-dhcp-client were able to retrieve DNS information.
3. After a manual reboot, the DNS configuration was completely lost, including the "allow remote requests" setting, which was reset to its default (disabled). Manually configured DNS servers were empty, and the dns-static entries were cleared.
When you have behavior like that, the internal filesystem used to store configuration is probably corrupted, e.g. due to the flash having been completely filled at some time. Do a netinstall to recover from that.
Also, it is completely useless to complain about behavior of some subsystem like DNS without at least showing how you configured it.
E.g. I never use DoH and adlist, only have static and sometimes automatic DNS resolver entries, and maybe some static records, and for me it all works fine. But I do increase the default cache size, no idea why it is so small by default, most devices have ample RAM memory.
The issue occurred on multiple devices running version 7.15.3. Are you suggesting that all the storage devices have failed?

The devices experiencing problems include RB450Gx4, RB4011, RB5009, and CHR.
The solution has been to downgrade from 7.16 back to 7.15.3 and restore from a backup made in 7.15.3, which resolves the issue. However, after upgrading again, the problem still persists.

My understanding is that 7.16 introduced significant changes to DNS, which led to these internal issues. The generated autosupout file has been submitted, and we are awaiting the official investigation results.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 10:38 am

But I don't know why you'd get NXDOMAIN back if there was /ip/dns/static using it....
If the DNS server run by RouterOS has two /ip/dns/static records (in that order):
  • nas.home.arpa A 192.168.1.101
  • *.home.arpa$ NXDOMAIN
Then, per my understanding of the docs, client’s request for nas.home.arpa is going to match [2].

Am i wrong?
Yes, you're wrong. The regex entry matches instead.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 2:22 pm

No, that is not true. The DNS resolver processes the entries from top to bottom (like the firewall) so you can have that config.
Of course the syntax of the wildcard record is wrong, it should have been: .*\.home\.arpa$
(it is a posix regexp which is different from the common filename regexp)
 
ros44
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 2:24 pm

All my dynamic IP list entries are missing after the upgrade. I had to add them again from backup.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12861
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 2:55 pm

All my dynamic IP list entries are missing after the upgrade. I had to add them again from backup.

Aren't dynamic entries kept in RAM (to save lots of glash storage space and potentialky many flash writes)? That would mean that entries are lost on every reboot (upgrade or not).
 
Kernal87
just joined
Posts: 2
Joined: Mon Mar 29, 2021 6:55 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 8:34 pm

Hi

We have updated all routers to 7.16 since Wednesday.
Now we have the problem that the routers hang up after a while and no longer allow connections. The only thing that helps is a restart.
Both CHR version and hardware such as RB5009UPr+S+.

Does anyone have the same problem?
No, don't have that problem. Routers (and memory usage) are stable.
These reports are not very useful when there is no information at all about how the routers are used.
Suspect areas include the DNS resolver. Remove your "adlist", "doh" configuration, set a reasonable cache size (for the device memory) and see if it still occurs.

The problem also occurs with other routers such as HEXs

I have now reduced the DNS cache from 2048 KiB to 1024 KiB.
We do not use DOH and adlist.


Basically the following things are configured

DHCP server
PPPOE dial-in
2 VLANs
Firewall (ipv4 & ipv6) incl. address list (5 entries)
2 x Wireguard connections
2x BGP via the wireguard connections
SNMP

But no idea why it crashes sporadically.
Last edited by Kernal87 on Mon Sep 30, 2024 3:22 am, edited 1 time in total.
 
User avatar
spippan
Member
Member
Posts: 459
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 8:48 pm


DNS-01 support for LE would be amazing. I’m not punching holes for port 80 from the world to internal gear but I already use DNS-01 to handle internal certificates for k8s. This is definitely the right path forward.
DNS-01 with LE would be awesome!! had to setup cloudflare for a nginx reverse wildcard cert last week
would have been surely more convinient with a built-in DNS-01 functionality
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 4234
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: v7.16 [stable] is released!

Sun Sep 29, 2024 9:01 pm

If the DNS server run by RouterOS has two /ip/dns/static records (in that order):
  1. nas.home.arpa A 192.168.1.101
  2. *.home.arpa$ NXDOMAIN
Then, per my understanding of the docs, client’s request for nas.home.arpa is going to match [2]. Am i wrong?
Yes, you're wrong. The regex entry matches instead.
FWIW, I think that's what he meant by [2]. (it's a bug in the forum... if you use a "numbered list button", it does not create a numbered list, you need a "list=1" not just "list=")

But you can cheat this with the "match-subdomain=yes", since this puts them in same static "category" in the DNS's two-step static lookup:
/ip/dns/static/add name=nas.home.arpa type=A address=192.168.88.100 match-subdomain=yes 
/ip/dns/static/add name=home.arpa type=NXDOMAIN match-subdomain=yes
Now, this has the side-effect of also resolves "whatever.nas.home.arpa" to same IP as "nas.home.arpa", but again if you used another match-submdomain=yes... .

My point above is that home.arpa is a valid domain per RFCs & will get sent to uptream DNS per specs – unless /ip/dns matches it somehow that is... So if you don't want mDNS/DNS-SD stuff like _ipp._tcp.home.arpa kinda stuff leaking (which likely isn't a huge problem per se, since there is no sensitive info), then some you need some /ip/dns/static to prevent it. Like the "/ip/dns/static/add name=home.arpa type=NXDOMAIN match-subdomain=yes" shown above (without the static host in most cases)
 
Boulder08
just joined
Posts: 19
Joined: Thu Oct 12, 2023 10:37 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 9:19 am

This morning I started upgrading my cAP ac by updating the packages. Now the device seems to be in a boot loop, from my router I can see it disconnecting and connecting constantly and it is not possible to access the UI using WinBox.

I really hope this doesn't mean I once again have to set up everything from scratch.
 
erlinden
Forum Guru
Forum Guru
Posts: 2571
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 9:42 am

I really hope this doesn't mean I once again have to set up everything from scratch.
Pretty sure you created an export, just in case this happens!? Especially after previous event...
 
Boulder08
just joined
Posts: 19
Joined: Thu Oct 12, 2023 10:37 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 10:07 am

Yes, I should have one still on my desktop. I just had a hard time getting the thing reinstalled using Netinstall last time, and don't remember what I exactly did to get it finally working.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 10:18 am

This morning I started upgrading my cAP ac by updating the packages. Now the device seems to be in a boot loop, from my router I can see it disconnecting and connecting constantly and it is not possible to access the UI using WinBox.

I really hope this doesn't mean I once again have to set up everything from scratch.
What includes "the packages" exactly?
 
Boulder08
just joined
Posts: 19
Joined: Thu Oct 12, 2023 10:37 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 10:31 am

This morning I started upgrading my cAP ac by updating the packages. Now the device seems to be in a boot loop, from my router I can see it disconnecting and connecting constantly and it is not possible to access the UI using WinBox.

I really hope this doesn't mean I once again have to set up everything from scratch.
What includes "the packages" exactly?
The basic ones to make things work, nothing extra added there. I don't remember by heart which two there are installed (and cannot check because the thing is bricked).
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 10:53 am

why update packages manually and not use the built-in update functionality?
 
Boulder08
just joined
Posts: 19
Joined: Thu Oct 12, 2023 10:37 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 11:47 am

why update packages manually and not use the built-in update functionality?
I did use the built-in functionality. That's what bugs me, MT is really flaky at times.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 12:02 pm

*) wifi-qcom-ac - improved memory allocating process;
I'm afraid this is not fixed yet.
cAP AC, reboot after 2d22h due to kernel failure.
PRTG monitoring shows increasing memory usage until reboot happens.

Back to daily scheduled reboot for now 8)

I already have an open ticket, will send autosupout there.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 12:33 pm

4+ days uptime on cap ac here.
/system/resource/print 
                   uptime: 4d1h43m31s
                  version: 7.16 (stable)
               build-time: 2024-09-20 13:00:27
         factory-software: 6.44.6
              free-memory: 32.5MiB
             total-memory: 128.0MiB
                      cpu: ARM
                cpu-count: 4
            cpu-frequency: 672MHz
                 cpu-load: 1%
           free-hdd-space: 736.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 493
         write-sect-total: 32280
        architecture-name: arm
               board-name: cAP ac
                 platform: MikroTik
 
welder
just joined
Posts: 3
Joined: Tue Aug 24, 2021 3:30 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 12:45 pm

Similar problem here.
Instead asking the server it was told to use it gets it from the static entry.
also cname records not printed it seems

/ip/dns/static/print
Columns: NAME, TYPE, ADDRESS, TTL
# NAME TYPE ADDRESS TTL
;;; defconf
0 router.lan A 192.168.1.1 1d
1 unifi CNAME 1d
2 jozska.ddns.pista.hu A 192.168.1.1 5s

/system/script/print
Flags: I - invalid
0 name="DDNS" owner="welder" policy=ftp,read,test dont-require-permissions=no last-started=2024-09-30 11:38:15 run-count=4580
source=
:local hostName [/system/identity/get name];
:local resolvedIP [:resolve domain-name=$hostName server=ddns.pista.hu type=ipv4];
:log info $resolvedIP;
:local ipaddress [/ip/address/get [find interface="vodafone"] address];
:log info $ipaddress;
:local currentIP [:pick $ipaddress 0 [:find $ipaddress "/"]];
:if ($resolvedIP != $currentIP) do={
:log info ("Pista DDNS: " . $hostName . " : " . $resolvedIP . " -> " . $currentIP);
:local result [/tool/fetch user=MikroTik password="Jelszo" url=("https://ddns.pista.hu/nic/update?system ... $currentIP)
as-value output=user];
:log info $result;
} else={
:log info ($hostName . " : " . $resolvedIP . " == " . $currentIP);
}

/log/print
11:40:15 script,info 192.168.1.1
11:40:15 script,info 78.139.9.126/24
11:40:15 script,info Pista DDNS: jozska.ddns.pista.hu : 192.168.1.1 -> 78.139.9.126
11:40:15 fetch,info Download from ddns.pista.hu FINISHED
11:40:16 script,info data=nochg 78.139.9.126
11:40:16 script,info ;downloaded=0;duration=00:00:01;status=finished

(domain names are not real!!! mangled)
DNS :resolve command is not working as intended.

In ROS 7.15.3, DNS resolution works correctly and queries DNS server:
:resolve "www.google.com" server=<DNS server>
In ROS 7.16, DNS resolution uses the cache and does not seem to query server (10.9.91.200 does not exist in test LAN):
:put [:resolve domain-name="www.google.com" server=10.1.91.200 ]
172.217.20.164
:put [:resolve domain-name="www.google.com.br" server=10.90.90.200 ]
failure: dns server failure
Opened SUP-166143
 
jdub88
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Sep 25, 2020 1:35 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 1:21 pm

Despite the initial problems I faced (loss of connectivity, no DoH, Wireguard failing, which I believe was all to do with wrong time), I have had over 5 days of stable uptime on my hAP AX3

This is a home router, no trunking to other switches etc.

I use:

6 VLANs (with DHCP, Firewall rules) etc, 5 of which have wifi (2 each, for 2.4 and 5ghz)
DoH
Wireguard
Basic extras like interface and address lists
A few scripts and scheduled tasks for backups

Pretty basic stuff but has been fine since.
 
vovan700i
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Wed Jun 06, 2012 8:34 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 2:11 pm

Confirm a similar behaviour of 5009 and hap ac3. WAN has an IP address assigned and suddenly stops passing connections. There is no useful info in the log. It happened 2 or 3 times during the last 24 hours. Restart is the only way to make WAN work again.

Before 7.16 the routers had 7.15.3 and worked stable for a couple of weeks without a reboot.
Hi

We have updated all routers to 7.16 since Wednesday.
Now we have the problem that the routers hang up after a while and no longer allow connections. The only thing that helps is a restart.
Both CHR version and hardware such as RB5009UPr+S+.

Does anyone have the same problem?
 
faxxe
newbie
Posts: 40
Joined: Wed Dec 12, 2018 1:46 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 4:12 pm

Confirm a similar behaviour of 5009 and hap ac3. WAN has an IP address assigned and suddenly stops passing connections. There is no useful info in the log. It happened 2 or 3 times during the last 24 hours. Restart is the only way to make WAN work again.

Before 7.16 the routers had 7.15.3 and worked stable for a couple of weeks without a reboot.
Even on my CCR1009, connections suddenly stopped working after approx. 1d of uptime.

-faxxe
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 4:23 pm

I don't think we will get any further with that issue when people report it only like that.
Either make a ticket at the support system including your supout.rif or post the (possibly anonymized) export file.
I have several routers running 7.16 both at home and at work and I have not observed this.
 
Kernal87
just joined
Posts: 2
Joined: Mon Mar 29, 2021 6:55 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 5:36 pm

Confirm a similar behaviour of 5009 and hap ac3. WAN has an IP address assigned and suddenly stops passing connections. There is no useful info in the log. It happened 2 or 3 times during the last 24 hours. Restart is the only way to make WAN work again.

Before 7.16 the routers had 7.15.3 and worked stable for a couple of weeks without a reboot.
Even on my CCR1009, connections suddenly stopped working after approx. 1d of uptime.

-faxxe
Today the model hex with routeros 7.16 has already failed to respond 3 times and had to be restarted.

Here is the config of one of the routers where the problem occurs. I have changed names and public IPs.
Maybe someone will find the error.

The fact is that I have about 10 routers in use and the problem occurs everywhere since version 7.16. They are all configured similarly. So with BGP and Wireguard, DNS and Firewall. SNMP queries and API queries are also made. I don't know if this is related. Backup files are also created and retrieved via ftp.
# 2024-09-30 16:10:18 by RouterOS 7.16
# software id = XXXXXXX
#
# model = RB5009UG+S+
# serial number = HFXXXXXXXXX
/interface bridge
add admin-mac=78:9A:18:61:C7:D5 auto-mac=no comment=BR-CUST name=BR-CUST port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=1-AP
set [ find default-name=ether2 ] name=2-Uplink
set [ find default-name=ether3 ] name=3-Uplink
set [ find default-name=ether4 ] name=4-Uplink
set [ find default-name=ether5 ] name=5-Uplink
set [ find default-name=ether6 ] name=6-Uplink
set [ find default-name=ether7 ] name=7-Uplink
set [ find default-name=ether8 ] name=8-Internet
/interface wireguard
add listen-port=13231 mtu=1420 name=WG01
add listen-port=13232 mtu=1420 name=WG02
/interface vlan
add interface=BR-CUST name=VLAN20-PublicInternet vlan-id=20
/interface list
add name=WAN
add name=LAN
add name=VPN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-CUSTBusiness ranges=192.168.11.120-192.168.11.150
add name=pool-CUSTGuest ranges=172.18.2.100-172.18.2.200
/ip dhcp-server
add address-pool=pool-CUSTGuest interface=VLAN20-PublicInternet name=CUST-Guest server-address=172.18.2.1
/ip smb users
set [ find default=yes ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=8-Internet name=PROVIDER profile=default-encryption use-peer-dns=yes user=*******************************
/routing bgp template
set default address-families=ip,ipv6 as=65506 disabled=no output.redistribute=connected,bgp router-id=10.0.251.130 routing-table=main
/snmp community
set [ find default=yes ] authentication-protocol=SHA1 security=authorized
/system logging action
set 3 remote=10.15.90.5 src-address=192.168.11.100 syslog-facility=syslog
/interface bridge port
add bridge=BR-CUST comment=defconf interface=2-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=3-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=4-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=5-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=6-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=7-Uplink internal-path-cost=10 path-cost=10
add bridge=BR-CUST comment=defconf interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=BR-CUST interface=1-AP internal-path-cost=10 path-cost=10
add bridge=BR-CUST interface=VLAN20-PublicInternet internal-path-cost=10 path-cost=10 pvid=20
/ip firewall connection tracking
set udp-stream-timeout=5m udp-timeout=5m
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=BR-CUST tagged=1-AP,BR-CUST vlan-ids=20
add bridge=BR-CUST vlan-ids=1
/interface list member
add interface=BR-CUST list=LAN
add interface=8-Internet list=WAN
add interface=WG02 list=VPN
add interface=WG01 list=VPN
/interface wireguard peers
add allowed-address=::/0,0.0.0.0/0 endpoint-address=XXXXXXXXXXXXX endpoint-port=51823 interface=WG01 name=peer1 persistent-keepalive=10s public-key=\
    "XXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=::/0,0.0.0.0/0 endpoint-address=XXXXXXXXXXXXXX endpoint-port=13239 interface=WG02 name=peer2 persistent-keepalive=10s public-key=\
    "XXXXXXXXXXXXXXXXXXXXXXXXXX="
/ip address
add address=192.168.11.100/24 interface=BR-CUST network=192.168.11.0
add address=172.20.254.2/28 interface=8-Internet network=172.20.254.0
add address=10.21.255.38/30 interface=WG01 network=10.21.255.36
add address=10.21.252.34/30 interface=WG02 network=10.21.252.32
add address=172.18.2.1/24 interface=VLAN20-PublicInternet network=172.18.2.0
/ip dhcp-client
add comment=defconf interface=8-Internet
/ip dhcp-server network
add address=172.18.2.0/24 dns-server=172.18.2.1 gateway=172.18.2.1
add address=192.168.11.0/24 dns-server=192.168.11.100 gateway=192.168.11.100
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall address-list
add address=10.18.0.0/16 list=XXXXXXXXX
add address=10.15.200.0/24 list=XXXXXXXXX
add address=10.15.91.0/24 list=XXXXXXXXX
add address=10.15.90.32 list=YYYYYYYYYYY
add address=10.15.90.68 list=YYYYYYYYYYY
add address=10.1.252.0/24 list=YYYYYYYYYYY
add address=10.0.0.0/8 list=RFC1918
add address=172.16.0.0/12 list=RFC1918
add address=192.168.11.0/16 list=RFC1918
add address=XXXXXXXXXX/27 list=XXXXXXXXX
/ip firewall filter
add action=accept chain=forward in-interface-list=VPN out-interface-list=VPN
add action=accept chain=forward src-address-list=XXXXXXXXX
add action=accept chain=input src-address-list=XXXXXXXXX
add action=accept chain=forward src-address-list=YYYYYYYYYYY
add action=accept chain=input src-address-list=YYYYYYYYYYY
add action=accept chain=output
add action=drop chain=input in-interface=PROVIDER src-address-list=BL_LIST
add action=add-src-to-address-list address-list=BL_LIST address-list-timeout=4w2d10h chain=input dst-port=53,161,123 in-interface=PROVIDER protocol=udp src-address-list=!RFC1918
add action=add-src-to-address-list address-list=BL_LIST address-list-timeout=none-dynamic chain=input dst-port=53,161,123,5060,25,23 in-interface=PROVIDER protocol=tcp src-address-list=\
    !RFC1918
add action=drop chain=input dst-port=53,161,123,5060 in-interface=PROVIDER log-prefix="DNS DROP" protocol=udp src-address-list=!RFC1918
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment=" accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=" accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade dst-address=172.20.254.0/24 ipsec-policy=out,none
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=masquerade dst-address-list=!RFC1918 ipsec-policy=out,none
/ip firewall service-port
set sip disabled=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set telnet disabled=yes
set ftp address=10.0.0.0/8,192.168.11.0/16,172.16.0.0/12
set www address=10.0.0.0/8,192.168.11.0/16,172.16.0.0/12
set ssh address=10.0.0.0/8,192.168.11.0/16,172.16.0.0/12
set api address=10.0.0.0/8,192.168.11.0/16,172.16.0.0/12
set winbox address=10.0.0.0/8,192.168.11.0/16,172.16.0.0/12
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 address
add address=2003:a:a39:5300::1 interface=BR-CUST
/ipv6 dhcp-client
add add-default-route=yes interface=PROVIDER pool-name=PROVIDERV6 request=prefix
/ipv6 dhcp-server
add address-pool=PROVIDERV6 interface=BR-CUST lease-time=15m name=DHCP
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/routing bfd configuration
add disabled=no interfaces=WG02
add disabled=no interfaces=WG01
/routing bgp connection
add add-path-out=all address-families=ip,ipv6 as=65506 connect=yes disabled=no input.filter=BGP-01-IN listen=yes local.role=ebgp name=LOCATION01 output.filter-chain=BGP-01-OUT .redistribute=\
    connected,bgp remote.address=10.21.255.37/32 .as=65505 router-id=10.0.251.130 routing-table=main templates=default use-bfd=yes
add add-path-out=all address-families=ip,ipv6 as=65506 connect=yes disabled=no input.filter=BGP-02-IN listen=yes local.role=ebgp name=LOCATION02 output.filter-chain=BGP-02-OUT .redistribute=\
    connected,bgp remote.address=10.21.252.33/32 .as=65330 router-id=10.0.251.130 routing-table=main templates=default use-bfd=yes
/routing filter rule
add chain=BGP-02-OUT disabled=no rule="if (dst in 192.168.11.0/24 || dst in 172.18.2.0/24)  {accept;} else { set bgp-path-prepend 3; accept}"
add chain=BGP-01-OUT disabled=no rule="if (dst in 192.168.11.0/24 || dst in 172.18.2.0/24)  {accept;} else { set bgp-path-prepend 7; accept}"
add chain=BGP-01-IN disabled=no rule="if (dst in 10.18.0.0/16) {set  bgp-path-peer-prepend 10;  accept}"
add chain=BGP-01-IN disabled=no rule="if (dst in 10.0.0.0/8 || dst in 172.16.0.0/12 || dst in 192.168.11.0/16) {set  bgp-path-peer-prepend 12; accept;} "
add chain=BGP-02-IN disabled=no rule="if (dst in 10.15.0.0/16) {set  bgp-path-peer-prepend 12; set bgp-path-prepend 12;\r\
    \n  accept}"
add chain=BGP-02-IN disabled=no rule="if (dst in 10.0.0.0/8 || dst in 172.16.0.0/12 || dst in 192.168.11.0/16) {set  bgp-path-peer-prepend 2; accept;} "
/snmp
set contact=MAILADRESS enabled=yes location="CUSTOMER"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=GW01
/system logging
add action=remote prefix=SI-CUST01 topics=info
add action=remote prefix=SI-CUST01 topics=critical
add action=remote prefix=SI-CUST01 topics=error
add action=remote prefix=SI-CUST01 topics=warning
add prefix=SI-CUST01 topics=backup,bfd,bgp,dhcp,dns,firewall,interface,pppoe,wireguard,backup
/system note
set show-at-login=no
/system script
add dont-require-permissions=no name=AutomaticRestart owner=stc policy=reboot,read,write,test source=":local PingCount 300;\r\
    \n:local stop false;\r\
    \n:while ([/ping 8.8.8.8 count=1 interval=5]=0 && stop=false) do={\r\
    \n  :set PingCount (\$PingCount-5);\r\
    \n  #:log info \"Reboot after \$PingCount s\";\r\
    \n :if (\$PingCount<=0) do={\r\
    \n    :set stop true;\r\
    \n    :log info \"NOT PING ON 8.8.8.8 - REBOOT!!!\";\r\
    \n    /system reboot;\r\
    \n  };\r\
    \n};\r\
    \n\r\
    \n:set PingCount (300-\$PingCount);\r\
    \n:if (stop=false) do={:log info \"Reboot stop after \$PingCount/300 s\";};"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=no down-script=":log info \"Der Ping test war nicht erfolgreich. Der Router wird neu gestartet\";\r\
    \n:if ([/system resource get uptime]>30) do={\r\
    \n  :log info \"Not ping on 8.8.8.8\";\r\
    \n  /system script run AutomaticRestart;\r\
    \n}" host=8.8.8.8 http-codes="" name=RebootPing startup-delay=3m test-script="" thr-loss-count=20 type=icmp up-script=""
/user group
add name=backup policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,password,sensitive,!winbox,!web,!sniff,!api,!romon,!rest-api
Edit:


I have also updated a CRS326-24G-2S+ switch to 7.16. SNMP and API queries are also made there. However, no routing DHCP, BGP or similar. The problem does not occur with this switch. So I think it is due to a component.
Last edited by Kernal87 on Mon Sep 30, 2024 5:41 pm, edited 1 time in total.
 
boingolover
just joined
Posts: 5
Joined: Sat Feb 11, 2023 6:41 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 5:40 pm

I posted about occasional FIN and RST packets from local subnets leaking out of the WAN interface here:

viewtopic.php?p=1092290#p1092290

As of 7.16, I can no longer reproduce this issue. So one of two things are happening as far as I can tell:

1) the AT&T gateway is no longer logging this leaked traffic from rfc1918 addresses

2) Mikrotik fixed this issue and didn't call it out in the changelogs

I'm going to try to rule out #1 later today, but just curious if anyone else has seen this?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 5:47 pm

The firewall rules that I have added to catch such traffic still have hits, so I doubt it has been fixed...
 
Kernal87
just joined
Posts: 2
Joined: Mon Mar 29, 2021 6:55 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 6:02 pm

I am now connected such a router that no longer reacts on wan interface via an internal interface. This is an LTE router LHGGM. For example, when I do /ip/route/print, the input simply hangs and no output is generated.
The same happens when I want to display Wireguard configs or BGP configs. The memory utilization is at half 128 MB.
I wonder how these things can die like this.
 
Spirch
Member Candidate
Member Candidate
Posts: 119
Joined: Sat May 03, 2014 5:04 am

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 7:38 pm

from 7.12.1 on hap ac2 to 7.16, i had to unplug the power and replug, waited 15 minutes before doing it

i had a single device on it that got an ip and was actually working
every other one were not able to get an ip, same for the router itself, mac address connection was not working too
 
mustang1986
just joined
Posts: 1
Joined: Wed May 31, 2023 9:07 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 8:20 pm

*) wifi-qcom-ac - improved memory allocating process;
I'm afraid this is not fixed yet.
cAP AC, reboot after 2d22h due to kernel failure.
PRTG monitoring shows increasing memory usage until reboot happens.

Back to daily scheduled reboot for now 8)

I already have an open ticket, will send autosupout there.
Not good news....
I use 44 piece cap AC with qcom-ac (more VLAN and ~70 piece wifi client with 802.11r fast BSS transitions ( roaming), routeros 7.15.3 and 7.16rc1-5).
After 7-10 days runs out the cap's memory.
 
boingolover
just joined
Posts: 5
Joined: Sat Feb 11, 2023 6:41 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 8:27 pm

The firewall rules that I have added to catch such traffic still have hits, so I doubt it has been fixed...
I guess I was just impatient, I did eventually see them. So it's 3) none of the above
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Sep 30, 2024 10:51 pm

*) console - added "about" filters for "find" and "print where" commands;
How does this about parameter work? Can't figure it out. Docs unavailable.
bump. This is discussion strictly related to release 7.16
 
abrehmc
just joined
Posts: 6
Joined: Wed Apr 06, 2022 12:03 pm

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 7:47 am

My CRS310-8G+2S+ simply refuses to upgrade from 7.12.2. The arm package is there, but it doesn't get picked up on reboot.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26879
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 8:00 am

1) Check the Log file and it will tell you why
2) [removed]
 
abrehmc
just joined
Posts: 6
Joined: Wed Apr 06, 2022 12:03 pm

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 8:11 am

1) Check the Log file and it will tell you why
2) Why this old version? You should be using 7.16
It came from the supplier with that version. Going to 7.15.3 and then to 7.16 worked. I have no idea why it did that, I should have saved the log.
If it happens again on the other switches, I will check it.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 8:16 am

My CRS310-8G+2S+ simply refuses to upgrade from 7.12.2. The arm package is there, but it doesn't get picked up on reboot.
Most likely space issues because moving from 7.12.x going higher, will probably also install wireless. On a switch ... :shock:
(on the CRS devices I upgraded, I saw it each time)

Log file should have indicated space problems so if you have others to process, be aware.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26879
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 8:23 am

Sorry I misread the issue :) Glad you solved it .
 
prawira
Member
Member
Posts: 362
Joined: Fri Feb 10, 2006 5:11 am
Contact:

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 12:10 pm

--deleted--
Last edited by prawira on Tue Oct 01, 2024 12:50 pm, edited 1 time in total.
 
prawira
Member
Member
Posts: 362
Joined: Fri Feb 10, 2006 5:11 am
Contact:

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 12:15 pm

--deleted--
Last edited by prawira on Tue Oct 01, 2024 1:05 pm, edited 1 time in total.
 
prawira
Member
Member
Posts: 362
Joined: Fri Feb 10, 2006 5:11 am
Contact:

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 12:19 pm

*) arp - fixed possible issue with invalid entries;
has #[SUP-136090]: flag DIH on /ip arp been solved ?

*) ip - added max-sessions property for services;
is it to limit max session on the same time of each services ?
please add "idle timeout" as well.

TIA
 
deluxor
just joined
Posts: 4
Joined: Tue Dec 24, 2019 6:08 am

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 6:24 pm

My RB5009 had a kernel failure today:
Image
It is running this version.
 
nmt1900
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Feb 01, 2017 12:36 am

Re: v7.16 [stable] is released!

Tue Oct 01, 2024 11:36 pm

Word 'probably' should not have a place in log messages...
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 12:28 am

Thanks @ToTheFull, on my hAP EX2 I had the same problem from v.15.x onwards.
I will stay with v.14.3.

Regards.
agreed. something is different since 14.3 that using multiple AX APs or some other similarity just doesnt work. going back to 14.3 and all is stable and good.
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 1:55 am

it seems vrf-routing is trouble, coming from 7.15.3 static vrf routes were marked inactive and we found no way to get those active, neither deleting, adding new ones, basically all vrf-routes are inactive and show things like:
 4  IsH  dst-address=0.0.0.0/0 routing-table=main gateway=10.100.6.5
         immediate-gw="" distance=1 scope=30 target-scope=10
         vrf-interface=MGMT
in addition to static routes within vrfs not working also dynamic routes (added by pppoe client) were inactive within vrfs. this is seriously messed up.

finally had to downgrade to 7.15.3 to get this working again.
Config looks to be incorrect, either you use routing-table to determine to which vrf this route should belong or you use vrf-interfce. But not the both especially if routing table config does not match the vrf to which vrf-inteface belongs to.
tried all ways imaginable - couldn't get it to work besides downgrading...
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 3:26 am



Config looks to be incorrect, either you use routing-table to determine to which vrf this route should belong or you use vrf-interfce. But not the both especially if routing table config does not match the vrf to which vrf-inteface belongs to.
tried all ways imaginable - couldn't get it to work besides downgrading...
revisited the issue - well - _before_ upgrading one has to remove the parameter "vrf-interface" from any static vrf routes that do typically carry routing-table=vrf and vrf-interface=NAME which obviously breaks the routes after v7.16 upgrade.
also dialer-interfaces that enable "add default route" do not add a working default route into its assigned vrf, one has to add a route like:
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=PPPoE-VRF@vrfO routing-table=vrfO scope=30 suppress-hw-offload=no target-scope=10
it's a pitty an upgrade breaks the config this way.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 11:34 am

The issue described in viewtopic.php?t=207022 has become much worse in 7.16
(BGP sessions close when another session closes)
In previous versions it appeared to affect only BGP sessions with the same local IP, now it sometimes affects ALL sessions...
When a peer on L2TP/IPsec disconnects because their public IP has changed and they re-establish the L2TP/IPsec session, I have observed several times that all BGP sessions (15 total) go to Idle state and have to re-connect.
Nobody else noticed that?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 1:30 pm

On my CCR2116-12G-4S+ all 3 BGP session (2 IPv4 and 1 IPv6) still up from when I install 7.16 (upgraded from 7.15.3) 8 days ago,
despite the fact some IPsec session keep disconnecting when they are not used.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 1:48 pm

Does that also result in a BGP disconnect? In case BGP is running with 180s hold time it may be that the BGP session survives during the restart of a tunnel.
In my case the downtime is too long for that (it is caused by scheduled restart of a 5G gateway to cover the daily change of IP by the mobile provider), the connection closes, and all others go to "Idle" state. That is only visible when you add a logging entry like this:
/system logging
add topics=bgp,debug,!packet,!timer
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 2:09 pm

Done, when something is come up I let you know.
SYSTEM: log rule added by winbox-3.41/tcp-msg(winbox):rex@222.173.190.239/terminal (*2D = /system logging add topics=bgp,debug,!packet,!timer)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 2:15 pm

???
TEST: Fastweb IPv6-1 {l_addr: 2a03:dead:beef::1, r_addr: 2001:beef::dead} Starter {openOk: false} Unsupported capability received, code: 128
???

128: Prestandard Route Refresh (deprecated)

Apparently enabling bgp logging dropped my IPv6 BGP session...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 8:23 pm

No, that is a bug. It is not related to the logging, it is just that you now see what is happening.
Ever since using v7 connected to v6 I have seen those issues...
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Wed Oct 02, 2024 9:04 pm

PPPoE is not adding a default gateway?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12521
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 11:10 am

No, that is a bug. It is not related to the logging, it is just that you now see what is happening.
Ever since using v7 connected to v6 I have seen those issues...
You are right, I hadn't noticed because this is a service line, not in production, (otherwise I wouldn't have installed the 7.16 that just came out...).
Apparently the session breaks if an IP changes or is added to any virtual interface.
 
andreacar
just joined
Posts: 5
Joined: Fri Oct 27, 2023 1:07 pm
Location: Italia
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:26 pm

HI,

I was also hoping to resolve the problem with the Wifi:
SA Query timeout....
I keep having disconnections
Is the only solution to downgrade to 7.14.3?

Thanks
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:34 pm

HI,

I was also hoping to resolve the problem with the Wifi:
SA Query timeout....
I keep having disconnections
Is the only solution to downgrade to 7.14.3?

Thanks

How many AP's do you have?
 
andreacar
just joined
Posts: 5
Joined: Fri Oct 27, 2023 1:07 pm
Location: Italia
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:45 pm

I have only hap AX3. I don't use Capsman
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:46 pm

I have only hap AX3. I don't use Capsman
Can you export wireless config here?
 
andreacar
just joined
Posts: 5
Joined: Fri Oct 27, 2023 1:07 pm
Location: Italia
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:51 pm

This is my export:
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5660,5700,5680 name=5Ghz-Andrea \
    skip-dfs-channels=10min-cac width=20/40/80mhz
add disabled=no frequency=2412,2437,2472 name=2Ghz-Default width=20mhz
add disabled=no frequency=5180,5260,5500 name=5Ghz-Default width=20/40/80mhz
/interface wifi configuration
add channel.frequency=5540,5500,5260 .width=20/40/80mhz disabled=no mode=ap \
    name=5G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.frequency=2462,2437 .width=20/40mhz disabled=no mode=ap name=\
    2G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz disabled=no mode=\
    ap name=5Ghz security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.band=2ghz-ax .frequency=2426-2448,2401-2423,2451-2473 .width=\
    20/40mhz-Ce disabled=no mode=ap name=2.4Ghz \
    security.authentication-types=wpa2-psk,wpa3-psk ssid=Wifi-Andrea
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
    disabled=no name=wifi1-5Ghz
set [ find default-name=wifi2 ] channel.frequency=\
    2426-2448,2401-2423,2451-2473 configuration=2.4Ghz configuration.mode=ap \
    disabled=no name=wifi2-2.4Ghz
/interface wifi datapath
add bridge=bridge_LAN disabled=no name=private-LAN
add bridge=bridge_LAN client-isolation=no comment=IoT disabled=no name=\
    vlan80-IoT vlan-id=80
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no name=\
    IoT wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Home wps=disable
/interface wifi configuration
add datapath=vlan80-IoT disabled=no hide-ssid=yes mode=ap name=IoT security=\
    IoT ssid=IoT
/interface wifi
add channel.frequency=2412,2432,2472 configuration=IoT configuration.mode=ap \
    disabled=no mac-address=4A:A9:8A:BC:A6:91 master-interface=wifi2-2.4Ghz \
    name=wifi-IoT-2Ghz
add configuration=IoT configuration.mode=ap disabled=no mac-address=\
    4A:A9:8A:BC:A6:90 master-interface=wifi1-5Ghz name=wifi-IoT-5Ghz
/interface wifi cap
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=all
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
 
Kanta
newbie
Posts: 35
Joined: Tue May 15, 2018 7:54 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 12:52 pm

No, that is a bug. It is not related to the logging, it is just that you now see what is happening.
Ever since using v7 connected to v6 I have seen those issues...
You are right, I hadn't noticed because this is a service line, not in production, (otherwise I wouldn't have installed the 7.16 that just came out...).
Apparently the session breaks if an IP changes or is added to any virtual interface.
Even with a fixed router-id set?
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 1:11 pm

This is my export:
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5660,5700,5680 name=5Ghz-Andrea \
    skip-dfs-channels=10min-cac width=20/40/80mhz
add disabled=no frequency=2412,2437,2472 name=2Ghz-Default width=20mhz
add disabled=no frequency=5180,5260,5500 name=5Ghz-Default width=20/40/80mhz
/interface wifi configuration
add channel.frequency=5540,5500,5260 .width=20/40/80mhz disabled=no mode=ap \
    name=5G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.frequency=2462,2437 .width=20/40mhz disabled=no mode=ap name=\
    2G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz disabled=no mode=\
    ap name=5Ghz security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.band=2ghz-ax .frequency=2426-2448,2401-2423,2451-2473 .width=\
    20/40mhz-Ce disabled=no mode=ap name=2.4Ghz \
    security.authentication-types=wpa2-psk,wpa3-psk ssid=Wifi-Andrea
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
    disabled=no name=wifi1-5Ghz
set [ find default-name=wifi2 ] channel.frequency=\
    2426-2448,2401-2423,2451-2473 configuration=2.4Ghz configuration.mode=ap \
    disabled=no name=wifi2-2.4Ghz
/interface wifi datapath
add bridge=bridge_LAN disabled=no name=private-LAN
add bridge=bridge_LAN client-isolation=no comment=IoT disabled=no name=\
    vlan80-IoT vlan-id=80
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no name=\
    IoT wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Home wps=disable
/interface wifi configuration
add datapath=vlan80-IoT disabled=no hide-ssid=yes mode=ap name=IoT security=\
    IoT ssid=IoT
/interface wifi
add channel.frequency=2412,2432,2472 configuration=IoT configuration.mode=ap \
    disabled=no mac-address=4A:A9:8A:BC:A6:91 master-interface=wifi2-2.4Ghz \
    name=wifi-IoT-2Ghz
add configuration=IoT configuration.mode=ap disabled=no mac-address=\
    4A:A9:8A:BC:A6:90 master-interface=wifi1-5Ghz name=wifi-IoT-5Ghz
/interface wifi cap
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=all
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
In your config you have
/interface wifi configuration
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz disabled=no mode=\
ap name=5Ghz security.authentication-types=wpa2-psk,wpa3-psk ssid=\
Wifi-Andrea

and then you have
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
disabled=no name=wifi1-5Ghz

You are missing the frequencies in the /interface wifi configuration
 
ips
Member Candidate
Member Candidate
Posts: 154
Joined: Mon Oct 09, 2023 6:48 pm
Location: Italy

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 1:25 pm

I bet that the cause is wpa3
 
andreacar
just joined
Posts: 5
Joined: Fri Oct 27, 2023 1:07 pm
Location: Italia
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 1:43 pm

This is my export:
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5660,5700,5680 name=5Ghz-Andrea \
    skip-dfs-channels=10min-cac width=20/40/80mhz
add disabled=no frequency=2412,2437,2472 name=2Ghz-Default width=20mhz
add disabled=no frequency=5180,5260,5500 name=5Ghz-Default width=20/40/80mhz
/interface wifi configuration
add channel.frequency=5540,5500,5260 .width=20/40/80mhz disabled=no mode=ap \
    name=5G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.frequency=2462,2437 .width=20/40mhz disabled=no mode=ap name=\
    2G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz disabled=no mode=\
    ap name=5Ghz security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.band=2ghz-ax .frequency=2426-2448,2401-2423,2451-2473 .width=\
    20/40mhz-Ce disabled=no mode=ap name=2.4Ghz \
    security.authentication-types=wpa2-psk,wpa3-psk ssid=Wifi-Andrea
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
    disabled=no name=wifi1-5Ghz
set [ find default-name=wifi2 ] channel.frequency=\
    2426-2448,2401-2423,2451-2473 configuration=2.4Ghz configuration.mode=ap \
    disabled=no name=wifi2-2.4Ghz
/interface wifi datapath
add bridge=bridge_LAN disabled=no name=private-LAN
add bridge=bridge_LAN client-isolation=no comment=IoT disabled=no name=\
    vlan80-IoT vlan-id=80
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no name=\
    IoT wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Home wps=disable
/interface wifi configuration
add datapath=vlan80-IoT disabled=no hide-ssid=yes mode=ap name=IoT security=\
    IoT ssid=IoT
/interface wifi
add channel.frequency=2412,2432,2472 configuration=IoT configuration.mode=ap \
    disabled=no mac-address=4A:A9:8A:BC:A6:91 master-interface=wifi2-2.4Ghz \
    name=wifi-IoT-2Ghz
add configuration=IoT configuration.mode=ap disabled=no mac-address=\
    4A:A9:8A:BC:A6:90 master-interface=wifi1-5Ghz name=wifi-IoT-5Ghz
/interface wifi cap
set caps-man-addresses=127.0.0.1 certificate=request discovery-interfaces=all
/interface wifi capsman
set package-path="" require-peer-certificate=no upgrade-policy=none
In your config you have
/interface wifi configuration
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz disabled=no mode=\
ap name=5Ghz security.authentication-types=wpa2-psk,wpa3-psk ssid=\
Wifi-Andrea

and then you have
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
disabled=no name=wifi1-5Ghz

You are missing the frequencies in the /interface wifi configuration
Hi,
now channels are specified
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5660,5700,5680 name=5Ghz-Andrea \
    skip-dfs-channels=10min-cac width=20/40/80mhz
add disabled=no frequency=2412,2437,2472 name=2Ghz-Default width=20mhz
add disabled=no frequency=5180,5260,5500 name=5Ghz-Default width=20/40/80mhz
/interface wifi configuration
add channel.frequency=5540,5500,5260 .width=20/40/80mhz disabled=no mode=ap \
    name=5G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel.frequency=2462,2437 .width=20/40mhz disabled=no mode=ap name=\
    2G-Andrea security.authentication-types=wpa2-psk,wpa3-psk ssid=\
    Wifi-Andrea
add channel=5Ghz-Andrea channel.skip-dfs-channels=10min-cac .width=\
    20/40/80mhz disabled=no mode=ap name=5Ghz security.authentication-types=\
    wpa2-psk,wpa3-psk ssid=Wifi-Andrea
add channel.band=2ghz-ax .frequency=2426-2448,2401-2423,2451-2473 .width=\
    20/40mhz-Ce disabled=no mode=ap name=2.4Ghz \
    security.authentication-types=wpa2-psk,wpa3-psk ssid=Wifi-Andrea
/interface wifi
set [ find default-name=wifi1 ] configuration=5Ghz configuration.mode=ap \
    disabled=no name=wifi1-5Ghz
set [ find default-name=wifi2 ] channel.frequency=\
    2426-2448,2401-2423,2451-2473 configuration=2.4Ghz configuration.mode=ap \
    disabled=no name=wifi2-2.4Ghz
/interface wifi datapath
add bridge=bridge_LAN disabled=no name=private-LAN
add bridge=bridge_LAN client-isolation=no comment=IoT disabled=no name=\
    vlan80-IoT vlan-id=80
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no name=\
    IoT wps=disable
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Home wps=disable
/interface wifi configuration
add datapath=vlan80-IoT disabled=no hide-ssid=yes mode=ap name=IoT security=\
    IoT ssid=IoT
/interface wifi
add channel.frequency=2412,2432,2472 configuration=IoT configuration.mode=ap \
    disabled=no mac-address=4A:A9:8A:BC:A6:91 master-interface=wifi2-2.4Ghz \
    name=wifi-IoT-2Ghz
add configuration=IoT configuration.mode=ap disabled=no mac-address=\
    4A:A9:8A:BC:A6:90 master-interface=wifi1-5Ghz name=wifi-IoT-5Ghz
Thanks you
 
AdrianR
just joined
Posts: 5
Joined: Thu Sep 26, 2024 12:59 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 3:13 pm

apparently i can now post replies / bug reports as a new forum user in this thread ...so here it goes:

CRS354-48G-4S+2Q+ switches - upgraded 2 of them to 7.16 - they started ok but rapidly went nuts with a ton of random junk MAC addresses "learned"... and they do this slowly until they crash and reboot because of out of memory

CRS112-8P-4S switches - 2 of them upgraded, they both "learn" random junk in the MAC table...

RBSXTsq5nD (in wireless bridge mode) - same thing on the fiber end, i did not dare to upgrade the remote end - in case of problems on that one i need to cross a river and the nearest bridge is about 8 kilometers away

CRS326-24G-2S+ switches - upgraded a few of them to v7.16 - no MAC problems there... probably because they use the ARM build of RouterOS.

Our affected devices seem to all be MIPSBE ones.

i have downgraded the affected CRS354-48G-4S+2Q+ switches (mipsbe) back to 7.15.3 .. they work OK again now.
Also downgraded the two CRS112-8P-4S switches (mipsbe) from 7.16 to 7.15.3 - they work OK now too
RBSXTsq5nD (mipsbe) - upgraded to 7.17beta2 - that seems to have fixed the MAC problem too... but i do not dare to put beta builds on the switches.


more details in the forum thread: viewtopic.php?t=211415
(i have started that thread before i could post replies on this thread - new forum users apparently are (were?) not allowed to post problem reports here)
 
mszru
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Aug 10, 2016 10:42 am

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 4:06 pm

SA Query timeout issue is still there unfortunately. I had my Zoom video meeting disconnected multiple times after the upgrade to 7.16.

I use hAP ax3 with WPA3 disabled (that kind of helped at 7.15.3) and the laptop with AX203 card running the latest drivers.

Interestingly my old hAP ac2 with wifi-qcom-ac worked fine with WPA3 enabled at 7.15.3...

hAP ax3 and hAP ac2 have the same configuration and I am a bit tired of swapping the devices when I need stable Wi-Fi connection.
 
ips
Member Candidate
Member Candidate
Posts: 154
Joined: Mon Oct 09, 2023 6:48 pm
Location: Italy

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 5:31 pm

Then, in this case, I bet that the issue is using AX. Have you tried to force AC band on your hAP AX3?
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 5:56 pm

A reminder to everyone experiencing issues with wifi and Intel AX cards: report as much as you can to Mikrotik support. See viewtopic.php?t=209903#p1089757
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 6:53 pm

SA Query timeout issue is still there unfortunately. I had my Zoom video meeting disconnected multiple times after the upgrade to 7.16.

I use hAP ax3 with WPA3 disabled (that kind of helped at 7.15.3) and the laptop with AX203 card running the latest drivers.

Interestingly my old hAP ac2 with wifi-qcom-ac worked fine with WPA3 enabled at 7.15.3...

hAP ax3 and hAP ac2 have the same configuration and I am a bit tired of swapping the devices when I need stable Wi-Fi connection.

In wifi security

Enable "WPA PSK" "WPA2 PSK" Group Encryption "CCMP"
Group Key Update "00:40:00"
Disable PMKID "enabled"
Management Protection "disable"

In FT tab
FT Enabled "enabled"
FT Over DS "enabled"

My Passphrase is 8 in length numbers and capital letters only

I used to see "SA Query timeout" but no longer do with these settings running 7.15.3
I do see a few disconnects,

Try changing the "Antenna Gain" to reduce Tx Power the lower the number to reduce the Tx Power
 
User avatar
rururudy
newbie
Posts: 30
Joined: Thu Aug 04, 2016 10:57 pm
Location: San Francisco
Contact:

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 8:57 pm

Success: CRS326 upgrade from 7.13 -> 7.16
Took 4 minutes before switch started pinging again.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Thu Oct 03, 2024 10:20 pm

Success: CRS326 upgrade from 7.13 -> 7.16
Took 4 minutes before switch started pinging again.
But you could upgrade your 7 year old switch to newly developed software in 2024!
For most manufacturers your device would have been end-of-life with no new firmware releases, and at most a fix for a newly discovered critical security problem... even when you had paid 20% of its new cost every year "for support".
 
ColinSlater
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Sun Sep 12, 2021 2:32 pm

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 1:29 am

Just upgraded my RB4011 and hAP AX2.
All working fine, except that my 5GHz Wifi networks seem to have disappeared. Will have a proper look later.
 
hasmidzul
just joined
Posts: 2
Joined: Tue Jun 06, 2023 8:45 am

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 6:05 am

Upgraded my hap ax3 from 7.15.2 to 7.16 about a week now ( simple home router).It feel like better throughput on wifi ax 5GHz.All my wifi client was wifi 6 (2 intel wifi 6, 2 qualcomm wifi 6 devices and one mediatek wifi device).TQ mikrotik
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 615
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 7:40 am

No, that is not true. The DNS resolver processes the entries from top to bottom (like the firewall) so you can have that config.

I checked with the support: regexes are indeed processed first. Therefore the *\.home\.arpa$ regex of type NXDOMAIN will override non-regex entries regardless of its relative position. Thus the workaround by @Amm0 is necessary.

It seems to me that administrative control over DNS leakage is lacking on RouterOS.
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 11:01 am

Not good news....
I use 44 piece cap AC with qcom-ac (more VLAN and ~70 piece wifi client with 802.11r fast BSS transitions ( roaming), routeros 7.15.3 and 7.16rc1-5).
After 7-10 days runs out the cap's memory.
I am on 8+ days and RAM is declining indeed. I have not enabled graphing so I can't proof it. But 2 days ago it was 31 or 32MiB free-memory. Now it is down to 29.3MiB. Let's see where this is going.
/system/resource/print 
                   uptime: 1w1d9m
                  version: 7.16 (stable)
               build-time: 2024-09-20 13:00:27
         factory-software: 6.44.6
              free-memory: 29.3MiB
             total-memory: 128.0MiB
                      cpu: ARM
                cpu-count: 4
            cpu-frequency: 448MHz
                 cpu-load: 1%
           free-hdd-space: 736.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 1128
         write-sect-total: 32915
        architecture-name: arm
               board-name: cAP ac
                 platform: MikroTik
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 11:34 am

RouterOS version 7.16 have been released in the "v7 stable" channel!
*) ike1 - removed unsupported NAT-D drafts with invalid payload numbers;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;

Hi,

Version v7.16 and v7.17xx are totally broken for ipsec.

I have escalated support, it does not renegotiate SAs, policies are shown as "Established" on one end but not on the other... these versions are a disaster for ipsec.

Regards,
 
holvoetn
Forum Guru
Forum Guru
Posts: 6558
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 12:02 pm

Not good news....
I use 44 piece cap AC with qcom-ac (more VLAN and ~70 piece wifi client with 802.11r fast BSS transitions ( roaming), routeros 7.15.3 and 7.16rc1-5).
After 7-10 days runs out the cap's memory.
I am on 8+ days and RAM is declining indeed. I have not enabled graphing so I can't proof it. But 2 days ago it was 31 or 32MiB free-memory. Now it is down to 29.3MiB. Let's see where this is going.
Declining of available memory on itself is not the problem.
RAM is intented to be used by whatever process. That's what the operating system needs to take care of.
It's only when it's not being released anymore when needed, then an out of memory condition happens.
That's when the problems start...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10516
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 12:20 pm

No, that is not true. The DNS resolver processes the entries from top to bottom (like the firewall) so you can have that config.

I checked with the support: regexes are indeed processed first. Therefore the *\.home\.arpa$ regex of type NXDOMAIN will override non-regex entries regardless of its relative position. Thus the workaround by @Amm0 is necessary.
I do not consider that a workaround, the solution with "match subdomain" is better than with "regexp" anyway!
The reason regexp is often suggested as solution for subdomains is that "match subdomain" was only recently introduced.

So there are two ways of doing it:
1. use a NXDOMAIN for the domain with match-subdomain, plus explicit entries for hosts within the subdomain (best solution).
2. use regexp but use it for both the all-hosts match and the explicit hosts, and put them in order with all-hosts last.
It seems to me that administrative control over DNS leakage is lacking on RouterOS.
To me it seams it isn't... it can be done, and you can only debate whether some of these entries should be part of default config.
Probably not, because such conventions change over time and most users use none of them.
You could also want NXDOMAIN entries for rfc1918 reverse lookups as I wrote above. Probably saves more load on DNS system than this.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 4234
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 10:19 pm

It seems to me that administrative control over DNS leakage is lacking on RouterOS.
That jumped the shark since a client can just use DoH etc... Plus "content filtering" is rapidly moving target...and RouterOS development is not rapid. And they give you some tools, like regex/match-subdomain/NXDOMAIN/FWD to build-your-own.

And if you look Blocky container, it give you more control over blocking DNS (and the have arm/arm64 images that should work). For example, it has an option for the "home.arpa problem":
https://0xerr0r.github.io/blocky/latest ... main-names
But it also has dozen of other ones - that you/someone else might want - & no doubt change at more rapid pace than DNS updates in RouterOS.

FWIW, I suspect the root cause of the "home.arpa" appearing comes from devices using Apple's OSS implementation of mDNS Discovery Proxy, since it defaults to "home.arpa". See also https://www.rfc-editor.org/rfc/rfc6762#appendix-G
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 10:32 pm

1. use a NXDOMAIN for the domain with match-subdomain, plus explicit entries for hosts within the subdomain (best solution).
As Amm0 wrote:
/ip/dns/static/add name=nas.home.arpa type=A address=192.168.88.100 match-subdomain=yes 
/ip/dns/static/add name=home.arpa type=NXDOMAIN match-subdomain=yes
The A record is not "explicit". It also matches foobar.nas.home.arpa.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 4234
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: v7.16 [stable] is released!

Fri Oct 04, 2024 10:57 pm

The A record is not "explicit". It also matches foobar.nas.home.arpa.
True. But to @kenzo's point RouterOS is ill-suited to this.

Along the "home.arap" A records, it's also very likely SRV and PTR ones too also with ".home.arpa" that escape too. So, theoretically, you need to block type=SRV and type=PTR too. Now.... it's actually the PTR ones you'd want to block since those "leak" stuff that your public IP was searching for light bulbs (_hap._udp.home.arpa PTR), printers (_ipp._udp.home.arpa PTR), etc.

But... the PTR records you cannot block since PTR is not allowed in type= within /ip/dns/static. I have two year old bug about it: SUP-100671.

Now... I really do think these "advanced DNS" tasks are better for a container. And at least some Mikrotik can just run a container.
 
Andrejm
just joined
Posts: 3
Joined: Tue Jan 28, 2020 1:15 pm

Re: v7.16 [stable] is released!

Sun Oct 06, 2024 10:29 pm

This update make my LTE interface inactive on AT LTE18 . Can't reach internet,read something that i must downgrade.
On downgrade i add routeros-7.15.3-arm64.npk file to File list and can't update because winbox say that file is missing? try also with terminal to execute but same. Then im sugested to reset configuration, i do reset and now i can't enter with admin and blank password in winbox. See device in winbox and now address is 192.168.188.1 but no enter with old password or blank password. What a mess with this update!
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Oct 07, 2024 9:16 am

do you have a password sticker on your device?
 
Andrejm
just joined
Posts: 3
Joined: Tue Jan 28, 2020 1:15 pm

Re: v7.16 [stable] is released!

Mon Oct 07, 2024 9:34 am

Yes, but device is on pole, must go to roof, i miss to make picture of that password, can go worse🫣🤣
 
woodych
just joined
Posts: 19
Joined: Fri Nov 12, 2021 7:09 pm

Re: v7.16 [stable] is released!

Mon Oct 07, 2024 11:52 am

Beware of Change regarding BDPU and Bridge Mode!

In the past, STP on Mikrotik was not behaving well with Cisco Switches an PVSTP and Vlans. The solution was to disable STP on the Mikrotik to make it a transparent switch.

BDPU from one Cisco would be flooded throught the Microtik Bridge to the other Switch in the ring and the Cisco would set a port to 'blocking'.

After Upgrading to 7.16 BDPU flooding with disabled STP does not seem to happen anymore. This results in broadcast looping!

I had to enable STP on the Mikrotik Bridge to stop the loop.
 
mszru
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Aug 10, 2016 10:42 am

Re: v7.16 [stable] is released!

Mon Oct 07, 2024 12:16 pm

As regards to "SA Query Timeout" issue I reported earlier, I guess the reason is my config where the 2 GHz radio is used in both "ap" and "station" modes. The hAP ax3 connects over Wi-Fi to another MiktoTik router (hAP ac lite) - backup internet connection. Thus the hAP ax3 and the other router broadcast different SSIDs at the same frequency which may cause interference.
 18:05:04 wireless,info 90:09:DF:**:**:**@wifi2 disconnected, SA Query timeout, signal strength -53
 18:05:09 wireless,info 90:09:DF:**:**:**@wifi2 connected, signal strength -54
 18:08:15 wireless,info 90:09:DF:**:**:**@wifi2 disconnected, SA Query timeout, signal strength -46
 18:08:19 wireless,info 90:09:DF:**:**:**@wifi2 connected, signal strength -50
I tried to kick the client manually from the Registration table in a hope the laptop would connect to 5 GHz (wifi1), but that has not happened. And that it most likely the Intel's AX203 issue...
 18:09:10 wireless,info 90:09:DF:**:**:**@wifi2 disconnected, removed by user, signal strength -43
 18:09:10 wireless,info 90:09:DF:**:**:**@wifi2 connected, signal strength -52
 18:09:18 wireless,info 90:09:DF:**:**:**@wifi2 disconnected, removed by user, signal strength -45
 18:09:18 wireless,info 90:09:DF:**:**:**@wifi2 connected, signal strength -52
 18:09:27 wireless,info 90:09:DF:**:**:**@wifi2 disconnected, removed by user, signal strength -45
 18:09:28 wireless,info 90:09:DF:**:**:**@wifi2 connected, signal strength -53
The Wi-Fi configuration is
> /interface/wifi/print detail 
Flags: M - master; D - dynamic; B - bound; X - disabled, I - inactive, R - running 
 0 M BR ;;; comment
        default-name="wifi1" name="wifi1" mtu=1500 l2mtu=1560 mac-address=78:9A:18:**:**:C4 arp-timeout=auto radio-mac=78:9A:18:**:**:C4 
        configuration=conf-home 
        configuration.mode=ap .ssid="Home" .country=***** 
        security.authentication-types=wpa2-psk .passphrase="*****" .disable-pmkid=yes .wps=disable .ft=yes 
        channel=ch-5ghz 
        channel.frequency=5170-5730 .band=5ghz-ax .width=20/40/80mhz .skip-dfs-channels=10min-cac 
        steering.rrm=yes .wnm=yes 

 1 M B  ;;; changed intended channel to 2437/n/Ce
        default-name="wifi2" name="wifi2" mtu=1500 l2mtu=1560 mac-address=78:9A:18:**:**:C5 arp-timeout=auto radio-mac=78:9A:18:**:**:C5 
        configuration=conf-home 
        configuration.mode=ap .ssid="Home" .country=***** 
        security.authentication-types=wpa2-psk .passphrase="*****" .disable-pmkid=yes .wps=disable .ft=yes 
        channel=ch-2ghz 
        channel.frequency=2437 .band=2ghz-ax .width=20/40mhz 
        steering.rrm=yes .wnm=yes 
. . .
 6   BR name="wifi7" l2mtu=1560 mac-address=76:4D:28:**:**:2A arp-timeout=auto master-interface=wifi2 
        configuration.mode=station .ssid="Backup ISP" 
        security.passphrase="*****" 
Even though the band is set to "2ghz-ax" for wifi2, the radio operates in "2ghz-n" mode because of connection to the hAP ac lite.

Next time before a video meeting in Zoom I'll make sure the laptop is connected to 5 GHz and hopefully won't experience disconnects and see those "SA Query Timeout" messages.

@ips, @infabo, @flynno - thanks for you comments and suggestions!
 
infabo
Forum Guru
Forum Guru
Posts: 1429
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.16 [stable] is released!

Mon Oct 07, 2024 2:44 pm

@mszru nothing wrong here. It's the Intel issue apparently. In order to get rid of SA query timeouts disable management frame protection on AP. WPA2 alone is not sufficient.

We don't know what happens here. I rarely get SA query timeouts - but they are legit. E.g. when I get out of signal reach or something. Sometimes my Linux AX200 notebook initiates a roam to another station with weaker signal (no idea why it does that). Lets say from wifi1 to wifi2. This results in a connection loss of course. Then I have to re-connect manually and before it connects successfully I see SQ query timeout messages for wifi2 in log. But that's to be intended. It now connects on wifi1 again and not responds to SA queries on wifi2 anymore.
 
bbs2web
Member Candidate
Member Candidate
Posts: 234
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v7.16 [stable] is released!

Tue Oct 08, 2024 9:11 am

MLAG on 2 x CRS354-48G-2S+2Q+ switches continues to be a problem. MLAG peer link is a 802.3ad (LACP) bond interface utilising two Q+ (40G) ports with MikroTik DACs. We've tried swapping the DACs which made no difference.

Bond and slave interface status shows zero 'link down' events but MLAG peer status is reported as flapping regularly:
 09:28:26 bridge,warning "bridge" peer disconnected
 09:28:26 bridge,warning "bridge" peer link down
 09:28:26 bridge,info "bridge" peer link up
 09:28:26 bridge,info "bridge" peer connected
 09:28:26 bridge,info "bridge" peer becomes secondary DC:2C:6E:D2:AF:4B
 


I've sent numerous supout.rif files, for all 7.15 versions of the firmware and now 7.16; never hear anything back from support@mikrotik.com. Also no response or acknowledgement when I log a support case in the support portal.



PS: Works perfectly 99.9% of the time, but these frequent peer link flaps interrupt Teams calls for 2-3 seconds each time they occur and the result is that we can't recommend this for client networks as a result.

PS: Also makes no difference when I temporarily use a 10G DAC and reconfigure the bond-peer interface to use sfp-sfpplus4 instead of the 2 x QSFP+ interfaces (not a QSFP+ (40G) issue).

NB: Only happens during office hours, never over weekends or evenings. Network utilisation is actually higher at night when backups run.

Who is online

Users browsing this forum: No registered users and 10 guests