MikroTik RouterOS 7.11.x (stable)

Материал из MikroTik Wiki

Подробное описание изменений в MikroTik RouterOS 7.11.x. Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 15 августа 2023, дата выхода последнего набора изменений – 31 августа 2023.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA. 
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

MikroTik RouterOS 7.11.2

Дата выхода: 31 августа 2023.

Изменения:

  • dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);


MikroTik RouterOS 7.11.1

Дата выхода: 30 августа 2023.

Изменения:

  • bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
  • bridge - fixed untagged VLAN entry disable;
  • bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
  • bridge - improved system stability;
  • bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
  • console - improved stability and responsiveness;
  • dhcp - fixed DHCP server and relay related response delays;
  • ipsec - fixed IPSec policy when using modp3072;
  • lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;

MikroTik RouterOS 7.11

Дата выхода: 15 августа 2023.

Изменения:

  • api - disallow executing commands without required parameters;
  • bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
  • bfd - improved system stability;
  • bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
  • bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
  • bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
  • bridge - added more STP-related logging;
  • bridge - added warning when VLAN interface list contains ports that are not bridged;
  • bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
  • bridge - fixed MSTP BPDU aging;
  • bridge - fixed MSTP synchronization after link down;
  • bridge - prevent bridging the VLAN interface created on the same bridge;
  • certificate - allow to import certificate with DNS name constraint;
  • certificate - fixed PEM import;
  • certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
  • certificate - improved CRL download retry handling;
  • certificate - removed request for "passphrase" property on import;
  • certificate - require CRL presence when using "crl-use=yes" setting;
  • certificate - restored RSA with SHA512 support;
  • conntrack - fixed "active-ipv4" property;
  • console - added ":convert" command;
  • console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
  • console - fixed incorrect date when printing "value-list" with multiple entries;
  • console - fixed minor typos;
  • console - fixed missing "parent" for script jobs (introduced in v7.9);
  • console - fixed missing return value for ping command in certain cases;
  • console - fixed printing interval when resizing terminal;
  • console - improved flag printing in certain menus;
  • console - improved stability and responsiveness;
  • console - improved stability when canceling console actions;
  • console - improved stability when using fullscreen editor;
  • console - improved timeout for certain commands and menus;
  • console - improved VPLS "cisco-id" argument validation;
  • container - added IPv6 support for VETH interface;
  • container - added option to use overlayfs layers;
  • container - adjust the ownership of volume mounts that fall outside the container's UID range;
  • container - fixed duplicate image name;
  • container - fixed IP address in container host file;
  • defconf - do not change admin password if resetting with "keep-users=yes";
  • dhcp-server - fixed setting "bootp-lease-time=lease-time";
  • discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
  • dns - improved system stability when processing static DNS entries with specified address-list;
  • ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
  • ethernet - improved interface stability for CRS312 device;
  • fetch - improved timeout detection;
  • firewall - added warning when PCC divider argument is smaller than remainder;
  • firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
  • firewall - improved system stability when using "endpoint-independent-nat";
  • graphing - added paging support;
  • health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
  • health - fixed configuration export for "/system/health/settings" menu;
  • hotspot - allow number as a first symbol in the Hotspot server DNS name;
  • ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
  • ike2 - improved SA rekeying reply process;
  • ike2 - improved system stability when closing phase1;
  • ike2 - improved system stability when making configuration changes on active setup;
  • ike2 - log "reply ignored" as non-debug log message;
  • ipsec - fixed public key export (introduced in v7.10);
  • ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
  • ipsec - improved IKE2 rekey process;
  • ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
  • l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
  • l3hw - fixed /32 and /128 route offloading after nexthop change;
  • l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
  • l3hw - improved system responsiveness during partial offloading;
  • l3hw - improved system stability during IPv6 route offloading;
  • l3hw - improved system stability;
  • led - fixed manually configured user LED for RB2011;
  • leds - blink red system-led when LTE is not connected to the network on D53 devices;
  • leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
  • lora - added new EUI field;
  • lora - added uplink message filtering option using NetID or JoinEUI;
  • lora - moved LoRa service to IoT package;
  • lora - properly apply configuration changes when multiple LoRa cards are used;
  • lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
  • lte - added "at-chat" support for Dell DW5821e-eSIM modem;
  • lte - added "at-chat" support for Dell DW5829 modem;
  • lte - added "at-chat" support for Fibocom L850-GL modem;
  • lte - added "at-chat" support for SIMCom 8202G modem;
  • lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
  • lte - added extended support for Neoway N75 modem;
  • lte - fixed Dell DW5221E "at-chat" support;
  • lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
  • lte - fixed NR SINR reporting for Chateau 5G;
  • lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
  • lte - fixed Telit LE910C4 "at-chat" support;
  • lte - improved initial interface startup time for SXT LTE 3-7;
  • lte - improved system stability when changing the "radio" state for MBIM modems;
  • lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
  • modem - added initial support for BG77 modem DFOTA firmware update;
  • modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
  • modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
  • mpls - improved MPLS TCP performance;
  • mqtt - added more MQTT publish configuration options;
  • mqtt - added new MQTT subscribe feature;
  • netwatch - added "src-address" property;
  • netwatch - changed "thr-tcp-conn-time" argument to time interval;
  • ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
  • ovpn - fixed OVPN server peer-id negotiation;
  • ovpn - fixed session-timeout when using UDP mode;
  • ovpn - improved key renegotiation process;
  • ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
  • ovpn - properly close OVPN session on the server when client gets disconnected;
  • package - treat disabled packages as enabled during upgrade;
  • poe - fixed missing PoE configuration section under specific conditions;
  • poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
  • pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
  • profile - added "container" process classifier;
  • profile - properly classify "console" related processes;
  • qos-hw - keep VLAN priority in packets that are sent from CPU;
  • quickset - correctly apply configuration when using "DHCP Server Range" property;
  • resource - fixed erroneous CPU usage values;
  • rose-storage - added "scsi-scan" command (CLI only);
  • rose-storage - added disk stats for ramdisks;
  • rose-storage - fixed RAID 0 creation;
  • rose-storage - limit striped RAID element size to smallest disk size;
  • route - added comment for BFD configuration (CLI only);
  • route - convert BFD timers from milliseconds to microseconds after upgrade;
  • routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
  • routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
  • routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
  • routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
  • sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
  • sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
  • sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
  • sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
  • sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
  • sms - increased wait time for modem startup;
  • ssh - fixed host public key export (introduced in v7.9);
  • ssh - fixed private key import (introduced in v7.9);
  • ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
  • ssh - fixed user RSA private key import;
  • switch - fixed "reset-counters" for "switch-cpu";
  • switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
  • switch - improved multicast packet forwarding on MT7621;
  • system - disallow setting a non-existing CPU core number for system IRQ;
  • system - increased maximum supported CPU core count to 512 on CHR and x86;
  • system - reduced RAM usage for SMIPS devices;
  • tftp - improved file name matching;
  • user - added "sensitive" policy requirement for SSH key and certificate export;
  • w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
  • webfig - added option to enable wide view in item list;
  • webfig - fixed "Connect To" configuration changes for L2TP client;
  • webfig - fixed gray-out italic font for entries after enable;
  • webfig - use router time zone for date and time;
  • wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
  • wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
  • wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
  • wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
  • wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
  • wifiwave2 - enabled PMK caching with EAP authentication types;
  • wifiwave2 - fixed "reg-info" information for several countries;
  • wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
  • wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
  • wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
  • wifiwave2 - improved stability when changing interface settings;
  • wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
  • wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
  • wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
  • wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
  • winbox - added missing status values for Ethernet and Cable Test;
  • winbox - added warning about non-running probe due to "startup-delay";
  • winbox - fixed "Storm Rate" property under "Switch/Port" menu;
  • winbox - fixed BGP affinity display;
  • winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
  • winbox - improved supout.rif progress display;
  • winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
  • wireguard - fixed peer connection using DNS name on IP change;
  • wireguard - fixed peer IPv6 "allowed-address" usage;
  • wireless - ignore EAPOL Logoff frames;
  • x86 - updated e1000 driver.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA. 
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь