MikroTik RouterOS 6.48rc1 (Testing)

Материал из MikroTik Wiki
Перейти к навигации Перейти к поиску

Подробное описание изменений в MikroTik RouterOS 6.48rc1 (Testing). Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 11 декабря 2020, дата выхода последнего набора изменений – 11 декабря 2020.

Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам

MikroTik RouterOS 6.48rc1

Дата выхода: 11 декабря 2020

Изменения:

  • arm - improved system stability;
  • bgp - fixed VPNV4 RD byte order;
  • bonding - added LACP monitoring;
  • branding - fixed LCD logo loading from new style branding package;
  • bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
  • bridge - added fixes and improvements for IGMP and MLD snooping;
  • bridge - fixed "multicast-router" setting on bridge enable;
  • capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
  • certificate - properly flush expired SCEP OTP entries;
  • chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
  • crs3xx - added initial Bridge Port Extender support;
  • crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
  • crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
  • crs3xx - fixed bridge "port-extender" for CRS318 devices;
  • crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
  • discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
  • ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
  • ike1 - fixed 'rsa-signature-hybrid' authentication method;
  • ike1 - fixed memory leak on multiple CR payloads;
  • ipsec - added SHA384 hash algorithm support for phase 1;
  • lte - increased "at+cops" reply timeout to 90 seconds;
  • profile - added "lcd" process classificator;
  • tr069-client - fixed TotalBytesReceived parameter value;
  • winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
  • winbox - added missing IGMP Snooping settings to "Bridge" menu;
  • winbox - added missing MSTP settings to "Bridge" menu;
  • winbox - added support for LTE Cell Monitor;
  • wireless - increased "group-key-update" maximum value to 1 day;
  • wireless - updated "indonesia5" regulatory domain information.

Другие изменения относительно 6.47.8:

  • arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
  • arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
  • arm64 - improved reboot reason reporting in log;
  • bonding - added LACP monitoring;
  • bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
  • bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
  • bridge - added warning message when port is disabled by the BPDU guard;
  • bridge - allow to exclude interfaces from extended ports (CLI only);
  • bridge - automatically remove extended interfaces when deleting PE device from CB;
  • bridge - correctly remove dynamic VLAN assignment for bridge ports;
  • bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
  • bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
  • bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
  • bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
  • bridge - fixed local MAC address removal from host table when deleting bridge interface;
  • bridge - fixed multicast table printing;
  • bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
  • bridge - improved BPDU guard logging;
  • bridge - increased multicast table size to 4K entries;
  • bridge - show "H" flag for extended bridge ports;
  • bridge - show error when switch do not support controlling bridge or port extension (CLI only);
  • bridge - use "frame-types=admit-all" by default for extended bridge ports;
  • cap - fixed L2MTU setting from CAPsMAN;
  • certificate - clear challenge password on renew;
  • certificate - fixed CRL URL length limit;
  • certificate - fixed private key verification for CA certificate during signing process;
  • certificate - generate CRL even when CRL URL not specified;
  • certificate - properly flush expired SCEP OTP entries;
  • chr - fixed SSH key import on Azure;
  • chr - improved interface loading on startup on XEN;
  • chr - improved system stability when changing flow control settings on e1000;
  • cloud - improved backup generation process;
  • conntrack - automatically reduce connection tracking timeouts when table is full;
  • console - allow "once" parameter for bonding monitoring;
  • crs3xx - added initial Bridge Port Extender support (CLI only);
  • crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
  • crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
  • crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
  • crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
  • crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
  • crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
  • crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
  • crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
  • crs3xx - fixed bridge port-extender for CRS318 devices;
  • crs3xx - fixed duplicate host entries when creating static switch hosts;
  • crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
  • crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
  • crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
  • crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
  • crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
  • crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
  • crs3xx - improved system stability on CRS354 devices;
  • defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
  • defconf - fixed static IP address setting in case default configuration loading fails;
  • defconf - improved CAP interface bridging;
  • defconf - improved default configuration generation on devices with non-default wireless interface names;
  • detnet - fixed malformed dummy DHCP User Class option;
  • detnet - use MAC address from bridge interface instead of slave port;
  • dhcp - fixed DHCP packet forwarding to IPsec policies;
  • dhcpv4-server - improved "client-id" value parsing;
  • dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
  • dhcpv6-server - added ability to generate binding on first request;
  • dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
  • dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
  • dhcpv6-server - make sure that calling station ID always contains DUID;
  • discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
  • discovery - allow choosing which discovery protocol is used;
  • discovery - fixed discovery on mesh ports;
  • discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
  • discovery - fixed discovery when enabled only on master port;
  • discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
  • discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
  • discovery - use interface MAC address when sending MNDP from slave port;
  • disk - fixed external EXT3 disk mounting on x86 systems;
  • dns - added IPv6 support for DoH;
  • dns - do not use type "A" for static entries with unspecified type;
  • dns - end ongoing queries when changing DoH configuration;
  • dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
  • dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
  • dot1x - fixed reauthentication after server rejects a client into VLAN;
  • dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
  • dude - fixed configuration menu presence on ARM64 devices;
  • export - fixed RouterBOARD USB "type" parameter export;
  • filesystem - fixed repartition on RB4011 series devices;
  • filesystem - fixed repartition on non-first partition;
  • filesystem - improved long-term filesystem stability and data integrity;
  • gps - fixed "init-channel" release when not used;
  • health - changed PSU state parameter type to read-only;
  • health - removed unused "heater-control" and "heater-threshold" parameters;
  • hotspot - added "vlan-id" parameter support for hosts and HTML pages;
  • hotspot - added support for captive portal advertising using DHCP (RFC7710);
  • hotspot - fixed "html-directory" parameter export;
  • hotspot - improved management service stability when receiving bogus packets;
  • ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
  • ike1 - fixed policy update with and without mode configuration;
  • ike1 - rekey phase 1 as responder for Windows initiators;
  • ike2 - added "prf-algorithm" support for phase 1;
  • ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
  • ike2 - fixed EAP MSK length validation;
  • ike2 - fixed too small payload parsing;
  • ike2 - improved EAP message integrity checking;
  • ike2 - improved child SA rekeying process;
  • interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
  • interface - fixed pwr-line running state (introduced in v6.45);
  • ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
  • ipsec - do not kill connection when peer's "name" or "comment" is changed;
  • ipsec - fixed client certificate usage when certificate is renewed with SCEP;
  • ipsec - fixed multiple warning message display for peers;
  • ipsec - inactivate peer's policy on disconnect;
  • ipsec - refresh peer's DNS only when phase 1 is down;
  • kidcontrol - allow creating static device entries without assigned user;
  • led - fixed state persistence after device reboot on NetMetal 5 ac devices;
  • lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
  • lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
  • lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
  • lte - added "comment" parameter for APN profiles;
  • lte - added support for Alcatel IK41VE1;
  • lte - fixed "band" value reporting;
  • lte - increased "at+cops" reply timeout to 1 minute;
  • m33g - added support for "/system gpio" menu (CLI only);
  • metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
  • metarouter - fixed memory leak when tearing down metarouter instance;
  • ppp - added "bridge-learning" parameter support;
  • ppp - added "ipv6-routes" parameter to "secrets" menu;
  • ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
  • ppp - store "last-caller-id" for PPP secrets;
  • ppp - store "last-disconnect-reason" for PPP secrets;
  • profile - improved idle process detection on x86 processors;
  • profile - improved process classification on ARM devices;
  • quickset - added "Port Mapping" to QuickSet;
  • quickset - fixed local IP address setting on master interface;
  • route - improved stability when 6to4 interface is configured with disabled IPv6 package;
  • routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
  • routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
  • script - added error message in the logs if startup script runtime limit was exceeded;
  • snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
  • snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
  • snmp - fixed value types for "dot1dStp";
  • snmp - fixed value types for "dot1qPvid";
  • ssh - fixed returned output saving to file when "output-to-file" parameter is used;
  • ssh - skip interactive authentication when not running in interactive mode;
  • supout - added bonding interface monitor information;
  • supout - improved autosupout.rif file generation process;
  • timezone - updated timezone information from "tzdata2020d" release;
  • tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
  • tr069-client - added LTE model and revision parameters;
  • tr069-client - added additional wireless registration table parameters;
  • tr069-client - added branding package version parameter;
  • tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
  • tr069-client - allow passing LTE firmware update URL as XML;
  • tr069-client - fixed RouterOS downgrade procedure;
  • tr069-client - send correct "ConnectionRequestURL" when using IPv6;
  • traffic-flow - added "sys-init-time" parameter support;
  • traffic-flow - added NAT event logging support for IPFIX;
  • traffic-generator - fixed 32Gbps limitation;
  • user-manager - do not allow creating limitation that crosses midnight;
  • user-manager - updated PayPal's root certificate authorities;
  • webfig - allow hiding QuickSet mode selector;
  • webfig - allow hiding and renaming inline buttons;
  • webfig - fixed default value presence when creating new entries under "IP->Kid Control";
  • webfig - properly stop background processes when switching away from QuickSet tab;
  • winbox - allow adding bonding interface with one slave interface;
  • winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
  • winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
  • winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
  • winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
  • winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
  • winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
  • winbox - fixed minor typo in "Users" menu;
  • winbox - provide sane default values for bridge "VLAN IDs" parameter;
  • winbox - use health values reported by gauges for "System/Health" menu;
  • wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
  • wireless - create "connect-list" rule when address specified for "setup-repeater";
  • wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
  • wireless - improved WPS process stability;
  • wireless - increased "group-key-update" maximum value to 1 day;
  • wireless - updated "no_country_set" regulatory domain information.
Чек-лист по настройке MikroTik
Проверьте свою конфигурацию по 28-ми пунктам