MikroTik RouterOS 6.47.x (Stable)

Подробное описание изменений в MikroTik RouterOS 6.47.x (Stable). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 2 июня 2020, дата выхода последнего набора изменений – 26 ноября 2020.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

MikroTik RouterOS 6.47.8

Дата выхода: 26 ноября 2020

Изменения:

arm - improved system stability;
bgp - treat route target with AS 65535 as two byte AS;
branding - fixed imported skin presence;
bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
disk - improved disk management service stability when receiving bogus packets;
dns - improved stability with large table of static records;
ike1 - allow using "my-id" parameter with XAuth;
leds - fixed LED type setting;
metarouter - fixed directory entry reporting;
profile - fixed process classification on x86 systems (introduced in v6.47);
quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
sstp - fixed "idle-timeout" on TILE and CHR devices;
system - replace "3" in superscript to "^3" on RBD53GR devices;
upgrade - do not try installing packages if download was not completed;
winbox - added "operator" parameter under "Interface/LTE" menu;
winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
winbox - do not allow MAC address changes on LTE interfaces;
winbox - show "System/Health" only on boards that have health monitoring;
winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
winbox - show "usb-bus" option on all boards that have it;
winbox - show "usb-type" option on all boards that have it;
winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices.

MikroTik RouterOS 6.47.7

Дата выхода: 27 октября 2020

Изменения:

crs3xx - improved system stability on CRS354 devices;
defconf - improved default configuration generation on devices without wireless package installed;
poe - fixed automatic PoE firmware upgrade procedure;
poe - improved PoE-out status detection;
wireless - updated "kazakhstan" regulatory domain information.

MikroTik RouterOS 6.47.6

Дата выхода: 21 октября 2020

Изменения:

cap - fixed L2MTU path discovery;
crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
defconf - fixed default configuration loading on RBmAP-2nD;
dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
dhcpv6-server - properly save bindings when executing "make-static" command;
fetch - improved SSL handshake processing;
ike1 - allow using "my-id" parameter with XAuth;
leds - fixed LED type setting;
lora - expose "joinEui" un "devEui" values in the log;
lte - fixed multiple APN passthrough on R11e-4G;
lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
lte - limit allowed APN count to 3 on R11e-LTE;
mpls - fixed duplicate "LabelRelease" message sending;
ospf - optimized LSA printing for smaller message sizes;
radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
smips - reduced RouterOS main package size;
switch - fixed Ethernet padding for small packets;
user - improved WinBox and The Dude authenticated session handling;
vrrp - made "password" parameter sensitive;
w60g - general stability and performance improvements;
wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
wireless - fixed incorrect wireless capability information in association response frames.

MikroTik RouterOS 6.47.5

Дата выхода: 8 октября 2020

Релиз только для внутреннего использования компанией MikroTik.

MikroTik RouterOS 6.47.4

Дата выхода: 16 сентября 2020

Изменения:

bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
fetch - fixed "src-address" usage for SFTP;
filesystem - improved long-term filesystem stability and data integrity;
hotspot - ignore packets from host while MAC authentication is in progress;
kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
smb - fixed possible memory leak (CVE-2020-11881);
sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
user-manager - updated PayPal's root certificate authorities;
wireless - added support for U-NII-2 for wAP ac;
wireless - updated "canada" regulatory domain information;
wireless - updated "united states" regulatory domain information.

MikroTik RouterOS 6.47.3

Дата выхода: 1 сентября 2020

Изменения:

bridge - fixed host table update on SNMP query;
crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
crs3xx - improved system stability when using hardware offloaded MPLS;
dns - fixed multiple TXT string replies;
dns - hide default static entry "type" from export;
dot1x - fixed duplicate EAP request packets for server;
dot1x - fixed EAP packet version numbering;
ike2 - fixed local side NAT detection;
lte - fixed multiple passthrough APN default route installation;
lte - fixed RSCP value reporting;
lte - validate interface existence on initiation;
ospf - fixed disappearing NSSA default route;
ospf - fixed processing of "unknown" LSA type;
poe - fixed "power-cycle" functionality on RB960GSP;
routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
wireless - allow setting "tx-power" up to 40;
wireless - fixed potential wireless driver issue related to CVE-2020-3702.

MikroTik RouterOS 6.47.2

Дата выхода: 13 августа 2020

Изменения:

arm - improved stability when forcing 25G speed on unsupported interface;
crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
discovery - use "static" interface list by default instead of "!dynamic";
fetch - show status "uploaded" instead of "downloaded" when uploading a file;
hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
interface - added new builtin "static" interface list;
l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
lte - fixed dynamic DHCP client creation when editing APN profile;
ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
sftp - fixed "flash" directory access (introduced in v6.46);
smb - fixed file path validation (introduced in v6.46);
smb - fixed possible memory leak;
smb - fixed SMB server (introduced in v6.47);
smb - limit active session count to 5 per connection;
snmp - fixed "current" value reporting on CCR series devices;
snmp - fixed "fan-speed" value reporting on CCR series devices;
wireless - added support for U-NII-2 for cAP ac;
wireless - updated "indonesia5" regulatory domain information;
www - improved WWW service stability when receiving bogus packets.

MikroTik RouterOS 6.47.1

Дата выхода: 8 июля 2020

Изменения:

crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
defconf - fixed default configuration generation on devices without "wireless" package installed;
defconf - fixed default configuration loading on RBmAPL-2nD;
defconf - improved default configuration generation on devices with changed wireless interface names;
dhcpv6-server - disallow changing binding's "prefix-pool";
dhcpv6-server - improved stability when changing server for static bindings;
dns - do not allow setting "forward-to" same as "name" or "regex";
dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
dns - do not use DoH for local queries when a server is specified;
export - fixed HotSpot "address-per-mac" parameter export;
filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
ftp - fixed possible buffer overflow;
ike2 - fixed initiator child SA init without policy;
ike2 - fixed policy reference for pending acquire;
ike2 - retry RSA signature validation with deduced digest from certificate;
ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
lora - added "spoof-gps" parameter for fake GPS coordinate sending;
lora - fixed JSON statistics inaccuracies;
lte - added support for MTS 8810FT;
lte - fixed modem initialization when multiple modems are used simultaneously;
lte - fixed PDP authentication configuration for SIM7600;
metarouter - fixed image importing (introduced in v6.46);
ospf - improved route tag processing for OSPFv3;
ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
qsfp - fixed auto-negotiation status;
qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
routerboard - fixed "reset-button" menu presence on all devices;
supout - added "LoRa" section to supout file;
switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
winbox - fixed flag displaying under "IP/DNS/Static" table;
winbox - fixed minor typo in "BGP/Peer" menu;
winbox - hide irrelevant switch port parameters;
wireless - changed "station-roaming" default setting from "enabled" to "disabled";
wireless - updated "bangladesh" regulatory domain information;
wireless - updated "egypt" regulatory domain information.

MikroTik RouterOS 6.47

Дата выхода: 2 июня 2020

Важные примечания:

The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
The Dude client must be manually upgraded after upgrading The Dude server.
The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.

Важные изменения:

dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
socks - added support for SOCKS5 (RFC 1928);
user - enable "winbox" policy for groups with "dude" policy automatically on upgrade.

Изменения:

api - added ECDHE cipher support for "api-ssl" service;
bonding - improved slave interface MAC address handling;
bonding - prefer primary slave MAC address for bonding interface;
branding - do not ask to confirm configuration applied from branding package;
branding - fixed identity setting from branding package;
branding - improved branding package installation process when another branding package is already installed;
bridge - added logging debug message when a host MAC address is learned on a different bridge port;
bridge - added warning message when a bridge port gets dynamically added to VLAN range;
bridge - correctly remove disabled MSTI;
bridge - improved hardware offloading enabling/disabling;
certificate - added "skid" and "akid" values for detailed print;
certificate - allow dynamic CRL removal;
certificate - disabled CRL usage by default;
certificate - do not use SSL for first CRL update;
chr - added support for file system quiescing;
chr - added support for hardware watchdog on ESXI;
chr - enabled support for VMBus protocol version 4.1;
chr - improved system stability when running CHR on Hyper-V;
crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
crs3xx - improved 10G interface initialization on CRS312 devices;
crs3xx - improved switch host table updating;
crs3xx - show correct switch model for netPower 15FR device;
defconf - fixed default configuration initialization if power loss occurred during the process;
dhcpv4 - added end option (255) validation for both server and client;
dhcpv4-client - improved stability when changing client while still receiving advertisements;
dhcpv4-server - disallow zero lease-time setting;
dhcpv6-client - improved error logging when when renewed address differs;
dhcpv6-server - do not require "server" parameter for bindings;
dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
discovery - do not send discovery packets on inactive bonding slave interfaces;
discovery - do not send discovery packets on interfaces that are blocked by STP;
disk - improved disk management service stability when receiving bogus packets;
disk - improved recently created file survival after reboots;
dns - added support for exclusive dynamic DNS server usage from IPsec;
dns - added support for forwarding DNS queries of static entries to specific server;
dns - added support for multiple type static entries;
dot1x - added "radius-mac-format" parameter;
dot1x - added hex value support for RADIUS switch rules;
dot1x - added range "dst-port" support for RADIUS switch rules;
dot1x - added support for lower case "mac-auth" RADIUS formats;
dot1x - fixed "reject-vlan-id" value range;
dot1x - fixed dynamically created switch rule removal when client disconnects;
dot1x - fixed port blocking when interface changes state from disabled to enabled;
dot1x - improved Dot1X service stability when receiving bogus packets;
dot1x - improved debug logging output to "dot1x" topic;
dot1x - improved value validation for dynamically created switch rules;
email - added support for multiple "to" recipients;
ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
fetch - fixed "User-Agent" usage if provided by "http-header-field";
graphing - improved graphing service stability when receiving bogus packets;
health - added "gauges" submenu with SNMP OID reporting;
health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
hotspot - updated splash page design ('/ip hotspot reset-html' required);
ike1 - added error message when specifying "my-id" for XAuth identity;
ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
ike1 - do not try to keep phase 2 when purging phase 1;
ike1 - improved policy lookup with specific protocol;
ike1 - improved stability when performing policy lookup on non-existant peer;
ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
ike2 - added support for RADIUS Disconnect-Request message handling;
ike2 - added support for RFC8598;
ike2 - allow initiator address change before authentication;
ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
interface - improved system stability when receiving bogus packets;
interface - increased loopback interface MTU to 65536;
ipsec - added "split-dns" parameter support for mode configuration;
ipsec - added "use-responder-dns" parameter support;
ipsec - allow specifying two peers for a single policy for failover;
ipsec - control CRL validation with global "use-crl" setting;
ipsec - do full certificate validation for identities with explicit certificate;
ipsec - fixed minor spelling mistake in logs;
ipsec - improved IPsec service stability when receiving bogus packets;
ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
kidcontrol - ignore IPv6 multicast MAC addresses;
l2tp - added "src-address" parameter for L2TP client;
l2tp - added "use-peer-dns" parameter for L2TP client;
l2tp - improved dynamically created IPsec configuration updating;
l2tp - use L2TP interface when adding dynamic IPsec peer;
lcd - fixed LCD service becoming unavailable on devices without LCD screen;
lcd - improved general system stability when LCD is not present;
led - fixed minor typo in LED warning message;
log - added logging entry when changing user's password;
log - added tunnel endpoint address to establishment and disconnect logging entries;
log - made startup script failures log as critical errors;
lte - added support for Huawei K5161 modem;
lte - added support for NEOWAY N720;
lte - added support for multiple passthrough APN configuration;
lte - do not allow running "scan" on R11e-4G;
lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
lte - fixed "band" parameter persistence after disable/enable;
lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
lte - fixed VLAN interface passthrough support;
lte - fixed multiple APN reactivation after deactivation by operator;
lte - improved stability during firmware upgrade;
lte - made "mac-address" parameter read-only;
lte - show "phy-cellid" value only in LTE mode;
netinstall - removed "Flashfig" from Netinstall;
netinstall - removed "Make Floppy" from Netinstall;
netinstall - signed netinstall.exe with Digital Signature;
netwatch - improved Netwatch service stability when invalid configuration values are passed;
ovpn - added "use-peer-dns" parameter for OVPN client;
port - removed serial console port on hEX S;
ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
ppp - added support for ZTE MF90;
ppp - fixed minor typo when running "info" command;
ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
pptp - added "use-peer-dns" parameter for PPTP client;
profile - added support for CCR2004-1G-12S+2XS;
proxy - increased minimal free RAM that can not be used for proxy services;
qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
quickset - do not show "SINR" field in Quick Set when there is no data;
quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
quickset - removed "EARFCN" field from Quick Set;
quickset - removed "LTE band" setting from Quick Set;
quickset - show "Antenna Gain" setting on devices without built-in antennas;
quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
routerboard - added "hold-time" parameter to mode-button menu;
routerboard - added "reset-button" menu - custom command execution with reset button;
routing - improved IGMP-Proxy service stability when receiving bogus packets;
routing - improved routing service stability when receiving bogus packets;
sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
sniffer - allow setting port for "streaming-server";
snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
snmp - improved OID policy checking and error reporting on "set" command;
snmp - improved stability when polling MAC address related OID;
ssh - improved SSH service stability when receiving bogus packets;
supout - added "dot1x" section to supout files;
supout - improved UPS information reporting;
switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
system - improved driver loading speed on startup;
tr069-client - added LTE firmware update functionality support;
tr069-client - added additional LTE information parameters;
tr069-client - added additional wireless registration table parameters;
tr069-client - added interface type parameter support;
tr069-client - added multiple simultaneous session support for diagnostics test;
tr069-client - added total connection tracking entries parameter;
tr069-client - removed warning log message when not using HTTPS;
traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
upgrade - fixed space handling in package file names;
ups - added battery info for APC SmartUPS 2200;
ups - improved compatibility with APC Smart UPS 1000 and 1500;
user - improved user management service stability when receiving bogus packets;
w60g - fixed link status logging;
w60g - improved rate selection in low traffic conditions;
w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
webfig - fixed WinBox download link;
webfig - fixed skin usage from branding package;
webfig - updated icon design;
winbox - added "Rate" parameter for switch ACL rules;
winbox - added "auth-info" parameter under "Dot1X->Active" menu;
winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
winbox - added "auto-erase" option to "Tool/SMS" menu;
winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
winbox - added "comment" parameter for Dot1X client;
winbox - added "region" parameter for W60G interfaces;
winbox - added "skip-dfs-channels" parameter to wireless interface menu;
winbox - added comment support for "Switch->VLAN" menu;
winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
winbox - added support for inline bar graphs for LTE signal values;
winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
winbox - fixed bonding type interface support for "Switch->Host" table;
winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
winbox - fixed wireless sniffer parameter setting;
winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
winbox - show "Hardware Offload" parameter for bonding interfaces;
winbox - updated icon design;
wireless - added "russia 6ghz" regulatory domain information;
wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
wireless - fixed Nstreme wireless protocol performance decrease;
wireless - improved management service stability when receiving bogus packets;
wireless - updated "egypt" regulatory domain information;
wireless - updated "russia4" regulatory domain information;
www - added "tls-version" parameter in "IP->Services" menu.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь