MikroTik RouterOS 7.16.x (stable)

Материал из MikroTik Wiki

Подробное описание изменений в MikroTik RouterOS 7.16.x. Официальный список исправленных ошибок, добавленного функционала и прочих доработок. Дата выхода первого набора изменений – 20 сентября 2024, дата выхода последнего набора изменений – неизвестно.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315

MikroTik RouterOS 7.16.1

Дата выхода: 10 октября 2024.

Изменения:

  • defconf - changed wireless installation from "indoor" to "any";
  • defconf - disable 5GHz secondary channel on RB4011;
  • dns - do not look up local cache when executing ":resolve" command with specified "server" parameter (introduced in v7.16);
  • sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices ("/system routerboard upgrade" required).

MikroTik RouterOS 7.16

Дата выхода: 20 сентября 2024.

Изменения:

  • 6to4 - fixed 6to4 tunnel LL address generation after system reboot;
  • 6to4 - improved system stability when using 6to4 tunnel without specified remote-address;
  • 6to4 - limit keepalive timeout maximum value;
  • address - added "S" flag for addresses that belong to a slave interface;
  • arm64 - fixed "disable-running-check" for ARM64 UEFI;
  • arm64 - increased reserved storage space for bootloader;
  • arm64/x86 - added rtl8111/8168/8411 firmware;
  • arp - fixed possible issue with invalid entries;
  • bgp - fixed BGP sessions missing vpnv6 afi;
  • bgp - fixed cluster-list and originator-id;
  • bgp - fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15);
  • bgp - fixed minor logging typo;
  • bgp - fixed vpnv6 safi;
  • bgp - small logging improvements;
  • bridge - added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge;
  • bridge - added forward-reserved-addresses property which controls forwarding of MAC 01:80:C2:00:00:0x range (separated from "protocol-mode=none" functionality, disabled by default after upgrade);
  • bridge - added L2 MDB support for IGMP snooping;
  • bridge - added max-learned-entries property for bridge;
  • bridge - added message about who created a dynamic VLAN entry;
  • bridge - added MVRP support for VLANs assigned to bridge;
  • bridge - do not allow duplicate ports;
  • bridge - fixed BPDU address when using "ether-type=0x88a8" configuration;
  • bridge - fixed MVRP leave;
  • bridge - fixed port "point-to-point" status after first link change;
  • bridge - fixed typo in filter and NAT error message;
  • bridge - improved system stability when removing MLAG configuration;
  • bridge - show invalid flag for ports that fails to be added to bridge (e.g. maximum port limit of 1024 is reached);
  • bth - improved stability on system time change;
  • certificate - added no-key-export parameter for import;
  • certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • certificate - automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
  • certificate - improved DNS challenge error reporting for Let's Encrypt;
  • certificate - improved RSA key signature processing speed;
  • certificate - show validity beyond year 2038;
  • chr - added support for licensing over IPv6 network;
  • chr - fixed incorrect disk size for ARM64;
  • console - added "about" filters for "find" and "print where" commands;
  • console - added "verbose=progress" mode for import status updates, and verbose output only on failures;
  • console - added additional byte-array option to :convert command;
  • console - added dry-run parameter to simulate import of files and find syntax errors without making configuration changes (verbose only);
  • console - added limits for dst-start and dst-end clock properties;
  • console - added lock screen via :lock command;
  • console - added uppercase and lowercase transform modes to :convert command;
  • console - disallow ping command with empty address;
  • console - display hint when requesting specific argument syntax;
  • console - do not show default boot-os setting in export;
  • console - fixed an issue where certain MAC address can be interpreted as time value;
  • console - fixed negative values for gmt-offset clock property;
  • console - fixed output of ping command in certain cases;
  • console - fixed typo in firewall error message;
  • console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format;
  • console - improved large import file handling, error detection and stability;
  • console - improved stability when pasting a large input;
  • console - improved stability when removing script;
  • console - increased default width for bitrate type of columns;
  • console - removed follow-strict parameter;
  • console - show rest-api name for active user connections;
  • container - clear VETH address on container exit and mark interface as running only when VETH is in use;
  • defconf - configure the default-route property for PPP clients only on devices with a built-in modem;
  • detnet - properly detect "Internet" status when multiple detnet instances preset in network;
  • dhcp - added comment property for matchers, options and option sets;
  • dhcp - improved DHCP IPv4 and IPv6 client/relay/server underlying interface state change handling;
  • dhcp - improved insert-queue-before, parent-queue and allow-dual-stack-queue behavior;
  • dhcpv4-client - execute script on DNS server or gateway address change;
  • dhcpv4-server - added "class-id" parameter for DHCP server leases;
  • dhcpv4-server - added matcher ability to match substring;
  • dhcpv4-server - added name for "User-Class" option (77), "Authentication" option (90), "SIP-Servers-DHCP-Option" option (120) and "Unassigned" option (163-174) in debug logs;
  • dhcpv4-server - fixed setting and getting "next-server" property;
  • dhcpv4-server - increased lease offer timeout to 120 seconds;
  • dhcpv4-server - remove corresponding dynamic leases if their address-pool gets removed;
  • dhcpv4-server - show active-server and host-name in print active command;
  • dhcpv6-client - do not add default gateway twice when both prefix and address is acquired;
  • dhcpv6-client - fixed T1, T2, valid-lifetime and preferred-lifetime compliance with RFC8415 by using value 0;
  • dhcpv6-client - pause client and remove dynamically installed objects while it becomes invalid;
  • dhcpv6-client - release client on failed renew attempt;
  • dhcpv6-client - update gateway address for default route on renew;
  • dhcpv6-server - improved system stability;
  • discovery - added discover-interval setting;
  • discovery - added LLDP Port VLAN ID, Port And Protocol VLAN ID, VLAN Name TLVs support;
  • discovery - added LLDP-MED timeout;
  • discovery - changed default discover-interval setting from 60s to 30s;
  • discovery - set unknown bit for any unspecified link type in MAC/PHY TLV;
  • disk - added "wipe-quick" file-system option to format-drive command (CLI only);
  • disk - added log message when disks get added or removed;
  • disk - added simple test command to test device and filesystem speeds (CLI only);
  • disk - improved system stability;
  • disk - remove dummy "slot1" entries on CHR;
  • dns - added support for DoH with adlist;
  • dns - added support for DoH with static FWD entries;
  • dns - added support for mDNS proxy;
  • dns - improved imported adlist parsing;
  • dns - refactored adlist service internal processes and improved logging;
  • dns - refactored DNS service internal processes;
  • dns - show static entry type "A" field in console;
  • dude - fixed map element RouterOS package upgrade functionality;
  • ethernet - fixed port speed downshift functionality for CRS354 devices;
  • ethernet - improved system stability for Alpine CPUs when dealing with unexpected non-UDP/TCP packet transmit;
  • fetch - handle HTTP 401 status correctly;
  • fetch - improved logging;
  • file - renamed "creation-time" to "last-modified";
  • filesystem - improved boot speed after device is rebooted without proper shutdown;
  • filesystem - refactored internal processes to minimize sector writes;
  • firewall - added message when interface belonging to VRF is added in filter rules;
  • firewall - fixed an issue with unsetting src-address-type;
  • firewall - fixed IPv6 "nth" matcher showing up twice in help;
  • firewall - fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command;
  • firewall - removed unnecessary TLS host matcher from NAT tables;
  • health - fixed board-temperature for KNOT device (introduced in v7.15);
  • health - fixed bogus CPU temperature spikes for CCR2216 device;
  • health - fixed missing health for CRS112-8G-4S device (introduced in v7.15);
  • health - improved voltage measurements for RB912UAG-6HPnD and RB912UAG-5HPnD devices;
  • health - removed unnecessary health settings for RB921 and RB922 devices;
  • health - upgraded fan controller firmware to latest version;
  • hotspot - properly escape all reserved URI characters;
  • ike1 - removed unsupported NAT-D drafts with invalid payload numbers;
  • ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;
  • install - allow to save old configuration during cdrom install;
  • install - fixed ARM64 cdrom install (introduced in v7.15);
  • iot - added an option to delete default LoRa servers and a button to recover them if needed;
  • iot - added an option to log LoRa filtered packets;
  • iot - added LoRa NetID and JoinEUI filtering for LNS and CUPS connections;
  • iot - added LoRa option to filter out proprietary packets;
  • iot - fixed incorrect LoRa filter export behavior;
  • iot - fixed LoRa inability to set SSL for LoRa servers via command line;
  • iot - fixed LoRa inability to use variables for GPS-spoofing setting;
  • ip - added max-sessions property for services;
  • ip/ipv6 - added multipath hash policy settings;
  • ipip6 - make IPv6 LL address random;
  • ipsec - changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
  • ipsec - improved installed SA statistics update;
  • ipv6 - added "d" deprecated flag for expired IPv6 SLAAC addresses;
  • ipv6 - allow to properly disable address when it is generated from pool;
  • ipv6 - allow to properly move IPv6 address from slave interface to a bridge interface;
  • ipv6 - do not allow adding address with invalid prefix when using pool;
  • ipv6 - do not allow to manually delete LL address;
  • ipv6 - fixed "no-dad" functionality;
  • ipv6 - fixed dynamic duplicate address showing when static address is already configured;
  • ipv6 - fixed pool allocated addresses missing after reboot;
  • ipv6 - fixed SLAAC address dynamic appearance;
  • ipv6 - improved handling of IPv6 address information;
  • ipv6 - improved LL address generation process;
  • ipv6 - properly initialize default ND "interface=all" entry;
  • ipv6 - respect APN settings for "add-default-route" and "use-peer-dns" also when "accept-router-advertisements=yes";
  • ipv6 - warn user that reboot is required in order to properly apply accept-router-advertisements changes;
  • isis - fixed filter-chain and filter-select settings;
  • isis - install IPv6 link-local gateways correctly;
  • l2tp - improved system stability;
  • l3hw - added per-VLAN packet and byte counters to compatible switches;
  • l3hw - disable L3HW on bonding modes that do not support it;
  • log - added basic validation for "disk-file-name" property;
  • lte - added "sms-protocol" setting in "/interface lte" menu (CLI only);
  • lte - fixed "at-chat" for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
  • lte - fixed cases where LTE interface would take long time to become ready after bootup for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
  • lte - fixed cases where modem could be handled by multiple dialer instances;
  • lte - fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
  • lte - fixed possible crash when enabling/disabling config-less modem interface;
  • lte - fixed R11e-LTE no traffic flow when modem with older firmware version is used;
  • lte - fixed support for Fibocom modem fm150-na;
  • lte - improved modem AT/modem port open;
  • lte - improvements to "/interface/lte/show-capabilities" command;
  • media - improved file indexing for DLNA;
  • modem - added authentication functionality to EC200A;
  • modem - fixed PPP link recovery when port unexpectedly removed and returned due to modem firmware crash;
  • modem - fixed unresponsive PPP link recovery when TX bandwidth was exceeding link capacity;
  • modem - improved support for KNOT BG77 modem firmware update;
  • mqtt - broker password is no longer exported unless "show-sensitive" flag is used;
  • netinstall-cli - added check for device and package architectures match;
  • netinstall-cli - added support for multiple device install;
  • netinstall-cli - allow mixed package architectures;
  • netwatch - added DNS probe;
  • netwatch - added ttl and accept-icmp-time-exceeded properties for ICMP probe;
  • netwatch - use time format according to ISO standard;
  • ospf - improved system stability during LSA monitoring;
  • ovpn - improved system stability;
  • pimsm - improved system stability;
  • poe-out - fixed low-voltage detection while PD is connected for KNOT device;
  • poe-out - fixed silent firmware upgrade fail on CRS112-8P-4S device (introduced in v7.15);
  • poe-out - upgraded firmware for SAMD20 PSE (AF/AT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
  • port - added IPv6 support for the "remote-access" feature;
  • ppp - added SIM hot-plug enable command to default init-string for KNOT and CME gateway;
  • ppp - added support for IPv6-only domain names to l2tp-client, ovpn-client and sstp-client;
  • ppp - automatically generate IPv6 firewall rules when filter-id is specified;
  • ppp - fixed dynamic queue default name (introduced in v7.15);
  • ppp - fixed PPP info parser showing error for BG77 modem running on KNOT AUX AT/modem port;
  • profiler - classify wifi processing as "wireless";
  • ptp - added PTP support for CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ, CRS518-16XS-2XQ, CRS504-4XQ, CRS510-8XS-2XQ devices;
  • qos-hw - added H and I flags to queues;
  • qos-hw - added new monitoring properties for ports and global QoS stats;
  • qos-hw - added queue-buffers property to tx-manager;
  • qos-hw - allow port print stats, usage and pfc while QoS is disabled;
  • qos-hw - allow to set queue-buffers in bytes, percent or auto;
  • qos-hw - enabling ECN forces WRED (unless share is disabled);
  • qos-hw - fixed egress-rate limit validation;
  • qos-hw - fixed global buffer limits for 98DX8212 and 98DX8332 switches;
  • qos-hw - fixed WRED thresholds;
  • qos-hw - improved behavior when changing ports tx-manger;
  • qos-hw - limit WRED to queues with enabled shared buffers;
  • queue - improved system stability;
  • quickset - removed Basic AP mode;
  • rose-storage - fixed "/file sysnc status" parameter to be read-only;
  • rose-storage - moved "/rsync-daemon" to "/file rsync-daemon;
  • rose-storage - renamed sync "remote-addr" property to "remote-address";
  • route - added ability to redistribute isis routes;
  • route - fixed incorrectly handled route distinguisher and route targets (introduced in v7.15);
  • route - fixed memory leak (introduced in v7.15);
  • route - fixed some missing route parameters when printing (introduced in v7.15);
  • route - improved route attribute handling (may increase memory usage);
  • route - improved routing table update performance;
  • route - improved stability when getting entries from large routing tables;
  • route - place static route in the correct VRF when vrf-interface parameter is used;
  • route - rename route type from is-is to isis;
  • routerboard - improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required);
  • routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
  • routerboot - improved boot process ("/system routerboard upgrade" required);
  • rpki - fixed preference sorting;
  • sfp - fixed calculated link length based on EEPROM in certain cases;
  • sfp - fixed missing traffic after reboot with S-RJ01 module running at 10/100 Mbps rate on CCR2004-16G-2S+ device;
  • sfp - fixed SFP28 interface with fec74 mode on CCR2004-1G-2XS-PCIe device;
  • sfp - fixed SFP28 jumbo frame processing on CCR2004-1G-2XS-PCIe device;
  • sms - added polling setting so that RouterOS itself checks SMS instead of relying on URC messages;
  • snmp - added support for KNOT BG77 modem cellular signal info;
  • snmp - fixed LAST-UPDATED format in MIKROTIK-MIB;
  • ssh - fixed SSH cryptographic accelerator selection for GCM cipher (introduced in v7.14);
  • ssh - fixed unsupported user SSH public key import (introduced in v7.15);
  • ssh - improved system stability when SSH tries to bind to non-existing interface;
  • supout - added detnet section;
  • supout - added monitor command for all wifi interfaces;
  • supout - added netwatch section;
  • supout - added user SSH keys section;
  • supout - increased console output width;
  • supout - limit address-list and connection tracking entries to 999 in supout.rif;
  • supout - rename "store" section to "disk";
  • switch - fixed an issue where half-duplex links could occupy Tx resources for 98DX8xxx, 98DX4xxx, 98DX325x switch chips;
  • switch - fixed an issue with Ethernet port group hang for CRS354 devices;
  • switch - fixed Ethernet interface counter 32bit overflow for CRS354 devices;
  • switch - fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15);
  • switch - improved switch reset;
  • switch - improved system stability on CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
  • system - added "clock" logging topic for time change related messages;
  • system - added critical log message when not enough space to store new configuration;
  • system - added log message if device failed to reboot gracefully;
  • system - added more details to user initiated reboot (reset, upgrade, downgrade);
  • system - added support for upgrade over IPv6 network;
  • system - do not cancel package upgrade if another architecture packages found on the router;
  • system - do not download packages scheduled for uninstall;
  • system - do not start IPsec and certificate processes when not necessary;
  • system - fixed "free disk space" error message on system upgrade/downgrade;
  • system - fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15);
  • system - fixed empty logs after reboot in certain cases;
  • system - improved internal system services messaging;
  • system - improved performance for TCP input;
  • system - improved reporting of total memory size;
  • system - improved system stability for CCR2004-1G-2XS-PCIe device;
  • system - improved system stability for RBSXTsq5nD and RBLDF-5nD;
  • system - improved system stability;
  • system - improved watchdog and kernel panic reporting;
  • system - reduced RAM usage for ARM64 devices;
  • system - set flash-boot mode as "boot-device" after system reset initiated by reset button ("/system routerboard upgrade" required);
  • system - set flash-boot mode as "boot-device" after system reset initiated from software;
  • traceroute - do not stop traceroute after 5 consecutive unreachable hops;
  • tunnel - allow specifying IPv6 LL address as "remote-address" for EoIPv6, GRE6 and IPIP6 tunnels;
  • user - added inactivity timeout for non-GUI sessions;
  • user-manager - updated logo;
  • vxlan - added comment support to VTEPs;
  • vxlan - prevent creating multiple VTEPs with same IP/port combination;
  • webfig - allow to enter time that exceeds 23:59:59;
  • webfig - correctly display default value for number type;
  • webfig - enabled hotlock mode for terminal;
  • webfig - fixed an issue where wrong menu title was shown;
  • webfig - fixed issue with incorrectly applying optional fields;
  • webfig - fixed sorting by datetime;
  • webfig - use "any" argument by default for Torch "Port" property;
  • wifi - added "slave-name-format";
  • wifi - added interface provisioning logs;
  • wifi - adjusted virtual interface naming when provisioning local radios;
  • wifi - do not allow frequency-scan on virtual interfaces;
  • wifi - do not unset radio-mac and master-interface properties on reset;
  • wifi - enable creating virtual wifi interfaces using "copy-from" setting;
  • wifi - fixed packet receive when having multiple station interfaces;
  • wifi - fixed signal strength reporting during association (introduced in v7.15);
  • wifi - fixed typo in log message;
  • wifi - improve regulatory compliance for Chateau ax devices;
  • wifi - improved interface stability when receiving invalid FT authentication frames;
  • wifi - improved system stability after interface hang;
  • wifi - improved WPA3 PMKSA handling when access-lists with custom passphrases are used;
  • wifi - make sniffer tool return an error when attempting to sniff with a radio which does not support it;
  • wifi - send channel switch announcements to clients when switching channels at requested re-select intervals;
  • wifi - use name-format also for local interfaces when provisioning;
  • wifi-qcom - add spectral-scan and spectral-history tools (CLI only);
  • wifi-qcom-ac - count dropped packets to "tx-drop" instead of "tx-error";
  • wifi-qcom-ac - improved memory allocating process;
  • winbox - added "Import Router ID" parameter under "Routing/BGP/VPN" menu;
  • winbox - added "Switch/QoS" menu for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
  • winbox - added "Trace" column under "System/History" menu;
  • winbox - added configuration settings for ROSE;
  • winbox - added extra "File System" under "Format Drive" button;
  • winbox - added missing "Default Name" property for interfaces;
  • winbox - do not show "Last Logged In" and "Expire Password" when creating new system user;
  • winbox - fixed "Authority" property under "System/Certificates/Requests" menu;
  • winbox - fixed duplicated "MVRP Attributes" table;
  • winbox - fixed false invalid flag under "System/Ports/Remote Access" menu;
  • winbox - fixed issue with skin file appearing as unknown in user group menu (introduced in v7.15);
  • winbox - fixed signal bar "excellent" tooltip;
  • winbox - fixed Switch menu for RB1100AHx4 device;
  • winbox - improved QR code display;
  • winbox - moved DHCPv6 Server "Allow Dual Stack Queue" property from General to Queues tab;
  • winbox - moved Switch menu tabs to individual menus;
  • winbox - properly display available address-pools for DHCPv6 server configuration;
  • winbox - removed deprecated x86/CHR specific settings under "System/Resources" menu;
  • winbox - removed spare argument for "PFS Group" property under "IP/IPsec/Proposals" menu;
  • winbox - renamed configurable wifi property "Tx Power" to "Max Tx Power";
  • winbox - separated different Watchdog settings into logical tabs;
  • winbox - use CAP serial number with "Set Identity" button under "WiFi/Remote CAP" menu;
  • winbox - use correct default value for "Partition Offset" property;
  • winbox/webfig - fixed skins (introduced in v7.15);
  • wireless - allow unsetting signal-range and ssid-regext properties for capsman access-list;
  • wireless - fixed dynamic VLAN assignments for vlan-filtering bridge in certain cases;
  • wireless - limit antenna-gain property to 100;
  • www - log out inactive REST API users;
  • x86 - added missing PCI ids for bnx2x driver;
  • x86 - added RTL8156 driver support;
  • x86 - fixed missing serial ports with MCS9900.

Полезные материалы по MikroTik

Углубленный курс "Администрирование сетевых устройств MikroTik"
Онлайн-курс по MikroTik с дипломом государственного образца РФ. Много лабораторных работ с проверкой официальным тренером MikroTik. С нуля и до уровня MTCNA.

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315
На Telegram-канале Mikrotik сэнсей можно получить доступ к закрытой информации от официального тренера MikroTik. Подписывайтесь

ИП Скоромнов Дмитрий Анатольевич, ИНН 331403723315