MikroTik RouterOS 6.41rcX (Testing)

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Подробное описание изменений в MikroTik RouterOS 6.41rcX (Testing). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 20 сентября 2017, дата выхода последнего набора изменений – 14 декабря 2017.

Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам

MikroTik RouterOS 6.41rc66

Дата выхода: 14 декабря 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
  • crs326 - improved transmit performance from SFP+ to Ethernet ports;
  • dhcp-server - added basic RADIUS accounting;
  • ike1 - disallow peer creation using base mode;
  • ike2 - added support for multiple split networks;
  • ike2 - do not allow to configure nat-traversal;
  • ipsec - improved hardware accelerated IPSec performance on 750Gr3;
  • ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
  • ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
  • pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
  • quickset - fixed LTE quickset mode APN field;
  • route - improved reliability on routing table update;
  • snmp - fixed bulk requests when non-repeaters are used;
  • wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
  • wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information.

Другие изменения относительно 6.40.5:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • w60g - added Point to Multipoint support;
  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • wireless - new driver with initial support for 160 and 80+80 MHz channel width;
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • console - removed "/setup";
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added ingress/egress rate input limits;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
  • dhcp-server - added "option-set" argument (CLI only);
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv4-server - strip trailing "\0" in "hostname" if present;
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • health - fixed bogus voltage readings on CCR1009;
  • hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ike1 - fixed crash on xauth if user does not exist;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed PH1 lifetime reset on boot;
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Passthrough support;
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed authentication for non LTE modes;
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • m11g - improved ethernet performance on high load;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • poe - added new "poe-out" status "controller-error";
  • poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
  • poe - log PoE status related messages under debug topic;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
  • quickset - fixed situation when Quickset automatically changes mode to CPE;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - fixed minor problem for SMS delivery;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • tile - improved hardware encryption processes;
  • tr069-client - fixed "/interface lte apn" configuration parameters;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - allow to generate more than 999 users;
  • w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
  • w60g - connected stations are treated as separate interfaces;
  • w60g - general work on PtMP implementation for 60 GHz connections;
  • w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
  • webfig - added favicon file;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - added "W60G station" tab in Wireless menu;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - added support for "_" symbol in terminal window;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - added "indonesia3" regulatory domain information;
  • wireless - added passive scan option for wireless scan mode;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc61

Дата выхода: 6 декабря 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
  • bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
  • bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
  • capsman - use "adaptive-noise-immunity" value from CAP local configuration;
  • certificate - added option to store CRL in RAM (CLI only);
  • certificate - improved CRL update after system startup;
  • certificate - show invalid flag when local CRL file does not exist;
  • crs317 - fixed reliability on FAN controller;
  • dhcpv4-server - added "NETWORK_GATEWAY" option variable;
  • filesystem - implemented additional system integrity checks on reboots;
  • firewall - added "tls-host" firewall matcher;
  • lte - fixed Passthrough support;
  • lte - update info command with "location area code" (LAC);
  • lte - provide lte info "physical cell id" values (R11e-LTE only);
  • ppp - added initial support for PLE902;
  • sms - log decoded USSD responses;
  • snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
  • system - show USB topology for the device info;
  • webfig - fixed router getting reset to default configuration;
  • winbox - added switch menu on RB1100AHx4;
  • winbox - do not show MetaROUTER stuff on RB1100AHx4;
  • wireless - check APs against connect-list rules starting with strongest signal;
  • wireless - do not show background scan frequencies in the monitor command channel field;
  • wireless - fixed channel selection when special channels used (introduced in v6.41rc);
  • wireless - increased the EAP message retransmit count.

Другие изменения относительно 6.40.5:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • w60g - added Point to Multipoint support;
  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • wireless - new driver with initial support for 160 and 80+80 MHz channel width;
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • console - removed "/setup";
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added ingress/egress rate input limits;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
  • dhcp-server - added "option-set" argument (CLI only);
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv4-server - strip trailing "\0" in "hostname" if present;
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • health - fixed bogus voltage readings on CCR1009;
  • hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ike1 - fixed crash on xauth if user does not exist;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed PH1 lifetime reset on boot;
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Passthrough support;
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed authentication for non LTE modes;
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • m11g - improved ethernet performance on high load;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • poe - added new "poe-out" status "controller-error";
  • poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
  • poe - log PoE status related messages under debug topic;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
  • quickset - fixed situation when Quickset automatically changes mode to CPE;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - fixed minor problem for SMS delivery;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • tile - improved hardware encryption processes;
  • tr069-client - fixed "/interface lte apn" configuration parameters;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - allow to generate more than 999 users;
  • w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
  • w60g - connected stations are treated as separate interfaces;
  • w60g - general work on PtMP implementation for 60 GHz connections;
  • w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
  • webfig - added favicon file;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - added "W60G station" tab in Wireless menu;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - added support for "_" symbol in terminal window;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - added "indonesia3" regulatory domain information;
  • wireless - added passive scan option for wireless scan mode;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc56

Дата выхода: 24 ноября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
  • dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
  • dhcpv4-server - strip trailing "\0" in "hostname" if present;
  • filesystem - implemented additional system integrity checks on reboots;
  • firewall - added "tls-host" firewall matcher (CLI only);
  • hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
  • ike2 - fixed PH1 lifetime reset on boot;
  • lte - fixed authentication for non LTE modes;
  • tr069-client - fixed "/interface lte apn" configuration parameters;
  • userman - allow to generate more than 999 users;
  • wireless - added passive scan option for wireless scan mode.

Другие изменения относительно 6.40.5:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • wireless - new driver with initial support for 160 and 80+80 MHz channel width;
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • console - removed "/setup";
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added ingress/egress rate input limits;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcp-server - added "option-set" argument (CLI only);
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • health - fixed bogus voltage readings on CCR1009;
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ike1 - fixed crash on xauth if user does not exist;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Passthrough support;
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • m11g - improved ethernet performance on high load;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • poe - added new "poe-out" status "controller-error";
  • poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
  • poe - log PoE status related messages under debug topic;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
  • quickset - fixed situation when Quickset automatically changes mode to CPE;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - fixed minor problem for SMS delivery;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • w60g - general work on PtMP implementation for 60 GHz connections;
  • webfig - added favicon file;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - added support for "_" symbol in terminal window;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - added "indonesia3" regulatory domain information;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc52

Дата выхода: 7 ноября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • hotspot - fixed Walled Garden IP functionality when address-list is used;
  • ovpn-server - do not periodically change automatically generated server MAC address;
  • poe - added new "poe-out" status "controller-error";
  • poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
  • poe - log PoE status related messages under debug topic;
  • ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
  • quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
  • quickset - fixed situation when Quickset automatically changes mode to CPE;
  • w60g - general work on PtMP implementation for 60 GHz connections;
  • wireless - added "indonesia3" regulatory domain information;
  • wireless - added passive scan functionality (CLI only).

Другие изменения относительно 6.40.5:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • console - removed "/setup";
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added ingress/egress rate input limits;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
  • dhcp-server - added "option-set" argument (CLI only);
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • health - fixed bogus voltage readings on CCR1009;
  • ike1 - fixed crash on xauth if user does not exist;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed incorrect esp proposal key size usage;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Passthrough support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • m11g - improved ethernet performance on high load;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - fixed minor problem for SMS delivery;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • webfig - added favicon file;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - added support for "_" symbol in terminal window;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - new driver with initial support for 160 and 80+80 MHz channel width;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc50

Дата выхода: 30 октября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • bridge - set "igmp-snooping=no" by default on new bridges;
  • crs3xx - added ingress/egress rate input limits;
  • dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
  • dhcp-server - added "option-set" argument (CLI only);
  • discovery - use "/interface list" instead of interface name under neighbor discovery settings;
  • health - fixed bogus voltage readings on CCR1009;
  • ike1 - fixed crash after downgrade if DH groups 19,20,21 were used for phase1;
  • ike1 - fixed crash on xauth if user does not exist;
  • ipv6 - fixed IPv6 addresses constructed from prefix and static address entry;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support;
  • lte - fixed user authentication for R11e-LTE when new firmware is used;
  • m11g - improved ethernet performance on high load;
  • netinstall - fixed missing "/flash/etc" on first bootup;
  • quickset - renamed router IP static DNS name to "router.lan";
  • radius - limited RADIUS timeout maximum value to 3 seconds;
  • sms - fixed minor problem for SMS delivery;
  • webfig - added favicon file;
  • webfig - fixed terminal graphic user interface under Safari browser;
  • winbox - do not show unnecessary tabs from "Switch" menu;
  • wireless - new driver with initial support for 160 and 80+80 MHz channel width.

Другие изменения относительно 6.40.4:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • firewall - do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
  • ike1 - fixed RSA authentication for Windows clients behind NAT;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed lost value for "remote-certificate" parameter after disable/enable;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • log - properly recognize MikroTik specific RADIUS attributes;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - do not reset modem when it is not possible to access SMS storage;
  • lte - fixed modem initialization after reboot;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - include timestamps in SMS delivery reports;
  • sms - properly initialize SMS storage;
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - allow shorten bytes to k,M,G in Hotspot user limits;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc47

Дата выхода: 18 октября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • routerboot - RouterBOOT version numbering system merged with RouterOS;
  • bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
  • console - removed "/setup";
  • crs3xx - added ingress/egress rate input limits;
  • discovery - use "/interface list" instead of interface name under neighbour discovery settings;
  • ethernet - fixed missing "sfp-tx-power" option (introduced in v6.41rc14);
  • ipsec - fixed incorrect esp proposal key size usage;
  • lte - temporarily disabled user authentication using user/password PAP/CHAP support for R11e-LTE (introduced in v6.41rc44);
  • lte - fixed PIN option after setting up the band;
  • lte - fixed error when trying to add APN profile without name;
  • lte - fixed rare crash when initializing LTE modem after reset;
  • netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
  • ssh - do not use DH group1 with strong-crypto enabled;
  • ssh - enforced 2048bit DH group on tile and x86 architectures;
  • winbox - added support for "_" symbol in terminal window.

Другие изменения относительно 6.40.4:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added comment support for VLANs (CLI only);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - added support for "/interface list" as a bridge port;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • firewall - do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
  • ike1 - fixed RSA authentication for Windows clients behind NAT;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - fixed lost value for "remote-certificate" parameter after disable/enable;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipsec - skip invalid policies for phase2;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp - improved reliability on packet processing in FastPath;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • log - added "bridge" topic;
  • log - fixed interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • log - properly recognize MikroTik specific RADIUS attributes;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - added Yota non-configurable modem support;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - do not reset modem when it is not possible to access SMS storage;
  • lte - fixed modem initialization after reboot;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - limited minimal default route distance to 1;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sms - include timestamps in SMS delivery reports;
  • sms - properly initialize SMS storage;
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - show only available OIDs under "/system health print oid";
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - allow shorten bytes to k,M,G in Hotspot user limits;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed "/certificate sign" process;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries;
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc44

Дата выхода: 11 октября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet
  • bridge - added comment support for VLANs;
  • bridge - added support for "/interface list" as a bridge port;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs3xx - fixed 100% CPU usage after interface related changes (introduced in v6.41rc31);
  • dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
  • fetch - accept all HTTP 2xx status codes;
  • firewall - do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
  • ike1 - fixed RSA authentication for Windows clients behind NAT;
  • interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
  • interface - added option to join and exclude "/interface list" from one and another;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
  • ipsec - fixed lost value for "remote-certificate" parameter after disable/enable;
  • ipsec - fixed policy enable/disable;
  • ipsec - improved reliability on certificate usage;
  • ipsec - skip invalid policies for phase2;
  • l2tp - improved reliability on packet processing in FastPath;
  • log - fixed interface name in log messages;
  • log - properly recognize MikroTik specific RADIUS attributes;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
  • lte - added Passthrough support (CLI only);
  • lte - fixed modem initialization after reboot;
  • lte - limited minimal default route distance to 1;
  • mac-server - use "/interface list" instead of interface name under MAC server settings;
  • neighbor - show neighbors on actual bridge port instead of bridge itself
  • sms - include timestamps in SMS delivery reports;
  • sms - properly initialize SMS storage;
  • snmp - show only available OIDs under "/system health print oid";
  • winbox - allow shorten bytes to k,M,G in Hotspot user limits;
  • winbox - do not show duplicate "Switch" menus for CRS326;
  • winbox - fixed "/certificate sign" process;
  • wireless - added "allow-signal-out-off-range" option for Access List entries.

Другие изменения относительно 6.40.4:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bgp - added 32-bit private ASN support;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - optimized "poe-out" logging topic logs;
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - do not reset modem when it is not possible to access SMS storage;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router;
  • ups - fixed duplicate "failed" UPS logs;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc38

Дата выхода: 3 октября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • arm - minor improvements on CPU load distribution for RB1100 series devices;
  • bgp - added 32-bit private ASN support;
  • lte - added Passthrough support (CLI only);
  • snmp - fixed "/system license" parameters for CHR;
  • upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
  • upnp - deny UPnP request if port is already used by the router.

Другие изменения относительно 6.40.4:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - initial support for "/interface list" as a bridge port (CLI only);
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • fetch - accept all HTTP 2xx status codes;
  • ike1 - release mismatched PH2 peer IDs;
  • ike2 - check identities on "initial-contact";
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - fixed "unknown" interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration) (CLI only);
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - do not reset modem when it is not possible to access SMS storage;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • ups - fixed duplicate "failed" UPS logs;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries (CLI only);
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc37

Дата выхода: 2 октября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • bridge - initial support for "/interface list" as a bridge port (CLI only);
  • fetch - accept all HTTP 2xx status codes;
  • ike2 - fixed initiator DDoS cookie processing;
  • ike2 - fixed responder DDoS cookie first notify type check;
  • lte - fixed modem initialization after reboot;
  • ntp-client - properly start NTP client after reboot if manual server IP is not configured;
  • sfp - fixed OPTON module DDM information readings;
  • wireless - added "etsi1" regulatory domain information;
  • wireless - improved WPA2 key exchange reliability;
  • wireless - updated "norway" regulatory domain information.

Другие изменения относительно 6.40.3:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • address - show warning on IPv6 address when acquire from pool has failed;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • arp - properly update dynamic ARP entries after interface related changes;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs317 - added L2MTU support;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • crs3xx - improved packet processing in slowpath;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • defconf - fixed RouterOS default configuration (introduced in v6.40.3);
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv6 client - added IAID check in reply;
  • dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
  • dhcpv6-client - ignore unknown IA;
  • dhcpv6-client - require pool name to be unique;
  • e-mail - auto complete file name on "file" parameter (introduced in v6.40);
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • ethernet - removed "master-port" parameter;
  • export - fixed interface list export;
  • export - fixed wireless "ssid" and "supplicant-identity" compact export;
  • hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
  • hotspot - improved user statistics collection process;
  • ike1 - release mismatched PH2 peer IDs;
  • ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
  • ike2 - check identities on "initial-contact";
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - kill PH1 on "mode-config" address failure;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • ipv6 - fixed IPv6 address request from pool (introduced in v6.41rc1);
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - fixed "unknown" interface name in log messages;
  • log - optimized "poe-out" logging topic logs;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration) (CLI only);
  • lte - added Passthrough support (CLI only);
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - do not reset modem when it is not possible to access SMS storage;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
  • routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sfp - fixed temperature readings for various SFP modules;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • snmp - fixed "/caps-man registration-table" uptime values;
  • tile - improved reliability on MPLS package processing;
  • tile - improved hardware encryption processes;
  • traceroute - improved "/tool traceroute" results processing;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
  • vlan - do not allow VLAN MTU to be higher than L2MTU;
  • webfig - improved reliability of login process;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries (CLI only);
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated "united kingdom" regulatory domain information.

MikroTik RouterOS 6.41rc34

Дата выхода: 27 сентября 2017 Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.k.

Изменения:

  • crs3xx - improved packet processing in slowpath;
  • defconf - fixed RouterOS default configuration (introduced in v6.40.3);
  • ethernet - removed "master-port" parameter;
  • log - fixed "unknown" interface name in log messages;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration) (CLI only);
  • lte - do not reset modem when it is not possible to access SMS storage;
  • snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
  • snmp - fixed "/caps-man registration-table" uptime values;
  • tile - improved hardware encryption processes;
  • vlan - do not allow VLAN MTU to be higher than L2MTU;
  • wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used.

Другие изменения относительно 6.40.3:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • address - show warning on IPv6 address when acquire from pool has failed;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • arp - properly update dynamic ARP entries after interface related changes;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs317 - added L2MTU support;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv6 client - added IAID check in reply;
  • dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
  • dhcpv6-client - ignore unknown IA;
  • dhcpv6-client - require pool name to be unique;
  • e-mail - auto complete file name on "file" parameter (introduced in v6.40);
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • export - fixed interface list export;
  • export - fixed wireless "ssid" and "supplicant-identity" compact export;
  • hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
  • hotspot - improved user statistics collection process;
  • ike1 - release mismatched PH2 peer IDs;
  • ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
  • ike2 - check identities on "initial-contact";
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - kill PH1 on "mode-config" address failure;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • ipv6 - fixed IPv6 address request from pool (introduced in v6.41rc1);
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - optimized "poe-out" logging topic logs;
  • lte - added Passthrough support (CLI only);
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed mode initialization after reboot;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
  • routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sfp - fixed temperature readings for various SFP modules;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • tile - improved reliability on MPLS package processing;
  • traceroute - improved "/tool traceroute" results processing;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
  • webfig - improved reliability of login process;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries (CLI only);
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - log "signal-strength" when successfully connected to AP;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated United Kingdom regulatory domain information.

MikroTik RouterOS 6.41rc32

Дата выхода: 21 сентября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - implemented software based "igmp-snooping";
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration) (CLI only);
  • traceroute - improved "/tool traceroute" results processing;
  • wireless - log "signal-strength" when successfully connected to AP.

Другие изменения относительно 6.40.3:

  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • address - show warning on IPv6 address when acquire from pool has failed;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • arp - properly update dynamic ARP entries after interface related changes;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - removed "master-port" parameter;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • crs317 - added L2MTU support;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv6 client - added IAID check in reply;
  • dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
  • dhcpv6-client - ignore unknown IA;
  • dhcpv6-client - require pool name to be unique;
  • e-mail - auto complete file name on "file" parameter (introduced in v6.40);
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • export - fixed interface list export;
  • export - fixed wireless "ssid" and "supplicant-identity" compact export;
  • hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
  • hotspot - improved user statistics collection process;
  • ike1 - release mismatched PH2 peer IDs;
  • ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
  • ike2 - check identities on "initial-contact";
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - kill PH1 on "mode-config" address failure;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • ipv6 - fixed IPv6 address request from pool (introduced in v6.41rc1);
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - optimized "poe-out" logging topic logs;
  • lte - added Passthrough support (CLI only);
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - added Yota non-configurable modem support;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • lte - fixed mode initialization after reboot;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
  • routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sfp - fixed temperature readings for various SFP modules;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed "/system license" parameters for CHR;
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • tile - improved reliability on MPLS package processing;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
  • webfig - improved reliability of login process;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries (CLI only);
  • wireless - improved reliability on "rx-rate" selection process;
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated United Kingdom regulatory domain information.

MikroTik RouterOS 6.41rc31

Дата выхода: 20 сентября 2017

Важные комментарии:

Backup before upgrade! RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload). This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such. Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions. The rest of RouterOS Switch specific configuration remains untouched in usual menus for now. Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Изменения:

  • crs317 - added initial support for HW offloaded MPLS forwarding;
  • lte - added "/interface lte apn" menu (Passthrough requires reconfiguration) (CLI only);
  • lte - added Passthrough support (CLI only);
  • lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
  • lte - automatically add "/ip dhcp-client" configuration on interface;
  • lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
  • ppp - fixed serial port loading (introduced in v6.41rc);
  • sfp - fixed temperature readings for various SFP modules;
  • snmp - fixed "/system license" parameters for CHR;
  • wireless - improved reliability on "rx-rate" selection process.

Другие изменения относительно 6.40.3:

  • bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
  • bridge - implemented software based vlan-aware bridges; https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
  • switch - "master-port" conversion into a bridge with hardware offload "hw" option; https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
  • address - show warning on IPv6 address when acquire from pool has failed;
  • arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
  • arp - properly update dynamic ARP entries after interface related changes;
  • bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
  • bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
  • bridge - changed "Host" and "MDB" table column order;
  • bridge - fixed "fast-forward" counters;
  • bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
  • bridge - fixed ARP setting (introduced in v6.40rc36);
  • bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
  • bridge - fixed multicast forwarding (introduced in v6.40rc36);
  • bridge - implemented dynamic entries for active MST port overrides;
  • bridge - implemented software based "igmp-snooping";
  • bridge - implemented software based MSTP;
  • bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
  • bridge - removed "master-port" parameter;
  • bridge - show "admin-mac" only if "auto-mac=no";
  • bridge - show bridge interface local addresses in the host table;
  • btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
  • capsman - added "vlan-mode=no-tag" option;
  • capsman - return complete CA chain when issuing new certificate;
  • certificate - fixed import of certificates with empty SKID;
  • certificate - fixed SCEP "get" request URL encoding;
  • certificate - show "Expired" flag when initial CRL fetch fails;
  • chr - added KVM memory balloon support;
  • chr - added suspend support;
  • console - do not stop "/certificate sign" process if console times out in 1 minute;
  • crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
  • crs317 - added L2MTU support;
  • crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
  • crs3xx - added port ingress and egress rate limiting;
  • CRS3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
  • dhcp - fixed DHCP services failing after reboot when DHCP option was used;
  • dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
  • dhcp - require DHCP option name to be unique;
  • dhcpv4-client - allow to use DUID for client as identity string as the option 61;
  • dhcpv6 client - added IAID check in reply;
  • dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
  • dhcpv6-client - ignore unknown IA;
  • dhcpv6-client - require pool name to be unique;
  • e-mail - auto complete file name on "file" parameter (introduced in v6.40);
  • e-mail - do not show errors when sending e-mail from script;
  • eoip - made L2MTU parameter read-only;
  • export - fixed interface list export;
  • export - fixed wireless "ssid" and "supplicant-identity" compact export;
  • hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
  • hotspot - improved user statistics collection process;
  • ike1 - release mismatched PH2 peer IDs;
  • ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
  • ike2 - check identities on "initial-contact";
  • ike2 - use peer configuration address when available on empty TSi;
  • interface - added "/interface reset-counters" command (CLI only);
  • interface - added option to join and exclude "/interface list" from one and another;
  • interface - fixed corrupted "/interface list" configuration after upgrade;
  • ippool6 - try to assign desired prefix for client if prefix is not being already used;
  • ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
  • ipsec - allow to specify "remote-peer" address as DNS name;
  • ipsec - kill PH1 on "mode-config" address failure;
  • ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
  • ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
  • ipv6 - fixed IPv6 address request from pool (introduced in v6.41rc1);
  • l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
  • lcd - fixed "flip-screen=yes" state after reboot;
  • lcd - fixed unresponsive LCD (introduced in v6.41rc15);
  • log - added "bridge" topic;
  • log - optimized "poe-out" logging topic logs;
  • lte - added Yota non-configurable modem support;
  • lte - fixed mode initialization after reboot;
  • lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
  • lte - properly recognize USB devices under "/system resource usb" (introduced in v6.41rc12);
  • modem - added initial support for Alcatel IK40 and Olicard 500;
  • ospf - fixed OSPF v2 and v3 neighbor election;
  • ppp - added support for Sierra MC7750, Verizon USB730L;
  • ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
  • ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
  • pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
  • pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
  • rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
  • routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
  • sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
  • sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
  • sniffer - fixed VLAN tag reporting for TX packets (introduced 6.41rc14);
  • snmp - fixed bridge host requests on devices with multiple bridge interfaces;
  • tile - improved reliability on MPLS package processing;
  • ups - fixed duplicate "failed" UPS logs;
  • userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
  • webfig - improved reliability of login process;
  • winbox - added "notrack-chain" setting to IPSec peers;
  • winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
  • winbox - do not show duplicate filter parameters "Published" in ARP list;
  • winbox - fixed bridge port sorting order by interface name;
  • winbox - show warnings under "/system routerboard settings" menu;
  • wireless - added "allow-signal-out-off-range" option for Access List entries (CLI only);
  • wireless - pass interface MAC address in Sniffer TZSP frames;
  • wireless - updated United Kingdom regulatory domain information.
Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам