this post was submitted on 30 May 2024
5 points (85.7% liked)

Mikrotik

220 readers
8 users here now

A community-contributed sublemmy for all things Mikrotik. General ISP and network discussion also permitted. Please ensure if you're asking a question you have checked the Wiki First: https://help.mikrotik.com

Mikrotik Rules: Don't post content that is incorrect or potentially harmful to a router/network.

This in itself is not a bannable offence but answers that are verifiably incorrect or will cause issues for other users will be edited or removed.

Examples: Factual errors - "EOIP is always unsecure" Configuration problems - Config that would disable all physical interfaces on a router Trolling - "Downgrade it to 5.26"

founded 1 year ago
MODERATORS
 

ChangelogBefore an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.15 (2024-May-29 15:44):

!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available);
!) system - added support for AMPERE (R) hardware (new ARM64 ISO file, new ARM64 extra-nics.npk package);
*) bgp - added initial vpnv6 support;
*) bgp - correctly synchronize input.accept-nlri address list;
*) bgp - fixed prefix count when BGP sessions run with multiple AFIs;
*) bgp - fixed selecting local.default-address from wrong VRF;
*) bgp - use IPv6 as default address-family for IPv6 sessions;
*) bgp-vpn - use VRF interface as gateway for leaked connected routes;
*) branding - added option to hide default configuration prompt;
*) branding - added option to hide or replace default caps-mode-script;
*) bridge - added error message if MLAG peer-port is configured with "mlag-id";
*) bridge - added MLAG peer-port events to logs;
*) bridge - added MVRP support;
*) bridge - do not allow multiple bonds with same "mlag-id";
*) bridge - improved protocol-mode STP, RSTP and MSTP stability;
*) bridge - rename monitor property "path-cost" to "actual-path-cost";
*) bridge - reworked dynamic VLAN creation;
*) bridge - use default "edge=auto" for dynamically bridged interfaces (PPP, VPLS, WDS);
*) certificate - added support for different ACME servers for ssl-certificate (CLI only);
*) certificate - added support for importing pbes2 encrypted private keys with aes128;
*) certificate - added trusted parameter for certificate import;
*) certificate - allow replacing certificate with internal import;
*) certificate - delete certificate related files automatically from storage after import;
*) certificate - improved RSA key signature processing speed;
*) chr - allow to "generate-new-id" only while CHR is running on level "free" license;
*) chr - fixed bogus messages printed out while booting up the system (introduced in v7.14);
*) chr - fixed Xen and Vultr missing ethernet (introduced in v7.14);
*) console - added "byte-array" option to ":convert" command;
*) console - added "proplist" parameter to interactive commands;
*) console - added "rows" property for sniffer quick mode;
*) console - added "sanitize-names" property under "/console/settings" menu (option for replacing reserved characters with underscores for files, disabled by default);
*) console - added "type" parameter to ":resolve" command;
*) console - added "use-script-permissions" option when running scripts from CLI;
*) console - added hotkey "F8" to print entire multiline input;
*) console - added link from "/iot/lora" to "/lora";
*) console - added log for script execution failures;
*) console - added multi-line print in "/file" menu;
*) console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);
*) console - added option to read and change file line endings in full-screen editor;
*) console - added warning log for modified filenames due to reserved characters;
*) console - covert spaces, CR, LF in ":convert to=url" command;
*) console - do not convert string to array in ":deserialize" command;
*) console - fixed ":onerror" behavior when "do" block is missing;
*) console - fixed "export where" functionality in certain menus;
*) console - fixed console prompt when entering hot lock mode with "F7";
*) console - fixed DHCP server "authoritative=no" configuration export;
*) console - fixed do/while implementation not working with variables (introduced in v7.14);
*) console - fixed filtering by "dhcp" flag in "/ip/arp" menu;
*) console - fixed multiple typos in help;
*) console - improved stability;
*) console - optimized configuration export to prevent startup of processes without any configuration;
*) console - remove unnecessary serial ports for Alpine CPUs;
*) console - show system note before serial login if enabled;
*) console - use user permissions when running scripts from WinBox and WebFig;
*) container - do not allow negative number for "ram-high" setting;
*) defconf - do not override default DHCP server lease time;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) defconf - fixed unknown topics in log messages;
*) defconf - minor configuration script updates;
*) dhcpv4-relay - added VRF support;
*) discovery - added LLDP MAC/PHY Configuration/Status TLV support;
*) discovery - added LLDP Maximum Frame Size TLV support;
*) discovery - added LLDP Port Description TLV support;
*) discovery - advertise only physical interface name for LLDP PortID TLV;
*) discovery - always send LLDP MED Power TLV if MED was received;
*) discovery - fixed high CPU utilization when "tx-only" mode is set;
*) discovery - optimized LLDP information update;
*) disk - added option to auto configure media sharing;
*) disk - added support for formatting exfat file-system;
*) disk - improved support for file systems with non-ascii characters in file names;
*) disk - improved support for formatting ext4 file-system;
*) disk - improved system stability when adding partition with no parent;
*) disk - improved system stability;
*) disk - the "scan" command will now detect and include USB drives that were previously ejected;
*) dns - added support for "adlist";
*) dns - added VRF support;
*) dns - improved system stability when caching entries;
*) eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
*) ethernet - fixed default names for CRS310-8G+2S+ device (introduced in v7.14);
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - fixed management port disable/enable on CCR2004-1G-12S+2XS, CCR2004-1G-2XS-PCIe, CCR2216, CCR2116 devices;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) fetch - added "idle-timeout" parameter;
*) fetch - changed topic "info" to "error" for permission denied logs;
*) fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
*) file - allow adding and renaming files and directories;
*) file - avoid refreshing whole file system during file modification;
*) file - improved external storage detection;
*) health - added "cpu-temperature" for IPQ50xx devices;
*) health - added log for fan state changes on CRS3xx, CRS5xx, CCR2xxx, CCR1016r2, CCR1036r2 devices;
*) health - fixed fan behavior for CRS310-1G-5S-4S+ (introduced in v7.14);
*) health - fixed rogue voltage on CRS510-8XS-2XQ-IN;
*) install - cdrom and hdd install images contain additional packages that can be interactively selected;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) leds - fixed LEDs for L22 device;
*) lora - removed LoRa WinBox and console functionality duplication (moved to IoT package since v7.11);
*) lte - added "at-chat" support for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) lte - added support for concatenated AT commands in "modem-init" string;
*) lte - added support to set "modem-init" string for "dialer-less" modems;
*) lte - apply the same configuration for Microsoft branded EM12-G modem (Surface Mobile Broadband) as for Quectel EM12-G;
*) lte - do not show persistent interfaces for multi-apn slave interfaces;
*) lte - dropped support for R11e-LTE-US FOTA firmware update;
*) lte - fixed R11e-LTE-US modem dial-up;
*) lte - fixed situation where link is not restored after Quectel MBIM modem firmware update;
*) lte - improved FG621-EA modem APN authentication;
*) lte - make interface persistent (unused interface configs can be removed, allow to export and examine current configuration without the device present);
*) lte - removed 2 APN restriction for RG520F-EU modem;
*) lte - use the correct network interface for multi-interface LTE modems;
*) media - added support for DLNA;
*) metarouter - removed support;
*) modem - send APN authentication for BG77 modem also if ppp-client interface created manually;
*) netinstall - improved stability;
*) netinstall-cli - fixed incorrect server address assignment (introduced in v7.14);
*) ovpn - fixed import ovpn config when remote port is missing;
*) ovpn - fixed minor typo in error message;
*) poe-out - added LLDP power management support for devices with single PoE-out port;
*) poe-out - fixed powering devices if input voltage is lower than 12V for hEX PoE (introduced in v7.9);
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) poe-out - moved "PoE LLDP" property from "/interface/ethernet/poe" to "/ip/neighbor/discovery-settings" and enable it by default;
*) ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
*) ppp - added log when disconnecting a client due to "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - allow underscores in domain names;
*) ppp - enabled monitoring of registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
*) ppp - fixed "Framed-IPv6-Pool" usage when received from RADIUS;
*) ppp - fixed "on-down" script running even when tunnel was not up;
*) profiler - added "neighbor-discovery" task;
*) ptp - added PTP support for CCR2116 device;
*) qos-hw - added "offline" tx-manager (CLI only);
*) qos-hw - added "profile" and "map" support for CPU port;
*) qos-hw - added congestion avoidance support for 98DX8xxx, 98DX4xxx, 98DX325x switch chips (CLI only);
*) qos-hw - added ECN marking support for compatible switches;
*) qos-hw - added per-queue traffic shapers (CLI only);
*) qos-hw - added Priority Flow Control for compatible switches (CLI only);
*) qos-hw - added support for QoS profile assignment via ACL rules;
*) qos-hw - added WRED support for compatible switches;
*) qos-hw - fixed port "print stats/usage" when using "from" property;
*) qos-hw - replaced buffer with bytes in QoS monitor;
*) queue - improved system stability (introduced in v7.6);
*) quickset - only show LTE mode for devices without other wireless interfaces;
*) radius - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Accept/Challenge/Reject messages;
*) radius - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) route - do not allow routes with empty "dst-address";
*) route - do not redistribute loopback address as connected route;
*) route - fixed bgp-vpn prefix import with the same route distinguisher (RD);
*) route - improved system stability;
*) route - rework of route attributes;
*) route - show route-distinguisher (RD) in route print;
*) route-filter - allow setting different AFI gateways;
*) route-filter - fixed ext community list matcher;
*) sfp - added "100M-baseFX" link mode support for compatible devices;
*) sfp - added "sfp-ignore-rx-los" setting;
*) sfp - fixed "sfp-tx-fault" state indication for CRS510;
*) sfp - fixed link establishment with 100Mbps optical modules (requires "/interface ethernet reset" or adding "100M-baseFX" modes for advertise or speed properties);
*) sfp - fixed missing Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - ignore SFP RX LOS signal for modules with bad EEPROM;
*) sfp - improved "sfp-tx-power" value monitoring in certain cases;
*) sfp - improved auto-negotiation linking for some MikroTik cables and modules;
*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14);
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) smb - added logs for share connection requests;
*) smb - do not allow setting empty "comment" or "domain" properties;
*) sms - added option to select SMS storage;
*) sms - added SMS PDU to SMS inbox "print detail";
*) sms - added workaround for modems which do not notify regarding new SMS arrival (missing URC);
*) sms - improved SMS handling;
*) sms - removed SMS for SMIPS;
*) sms - use "gsm" logging topic for serial modem SMS logs;
*) snmp - added missing PoE-out status codes to MIKROTIK-MIB;
*) snmp - added new "mtxrOpticalVendorSerial" OID to MIKROTIK-MIB;
*) socks - attempt to parse domain name as IP before resolving;
*) ssh - added support for user Ed25519 private keys;
*) ssh - export host Ed25519 public key;
*) ssh - fixed bogus output;
*) ssh - fixed permissions to run ".auto.rsc" scripts;
*) ssh - require "policy" user policy when adding public key;
*) sstp - added SNI support;
*) sstp - disconnect clients when server is disabled;
*) storage - improved configuration storing process on first system boot after configuration reset;
*) switch - added support for multiple ingress and egress port mirroring on 98DXxxxx switches;
*) switch - added support for RSPAN mirroring on 98DXxxxx switches;
*) switch - fixed L3HW and QoS monitor during switch reset;
*) system - added resource values (Product name, File name and File version) for Windows executable files;
*) system - general work on optimizing the size of RouterOS packages;
*) system - show "cpu-frequency" for Alpine CPUs;
*) system - skip configuration upgrade from RouterOS v6 on configuration reset;
*) system - updated office address in RouterOS license;
*) system - updated online manual links from "wiki" to the help documentation;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - detect IPv4 source address if not set;
*) traffic-flow - improved system stability;
*) userman - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Request messages;
*) userman - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) vlan - added MVRP (applicant) configuration option;
*) vlan - ensure that VLAN MTU remains unchanged when adjustments are made to the parent interface MTU, only modifications to the L2MTU might impact VLAN MTU;
*) vlan - fixed MTU reset on bridge after reboot;
*) vlan - limit "vlan-id" range from 1-4095 to 1-4094;
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
*) webfig - allow pasting with ctrl+v into terminal;
*) webfig - fixed column preferences for ordered tables;
*) webfig - show inherited properties for wifi interfaces;
*) wifi - added "reselect-interval" support;
*) wifi - changed interface default to "disabled=yes";
*) wifi - do not report disabled state for CAPsMAN managed interface;
*) wifi - fixed configuration export for "disabled" property;
*) wifi - improve channel selection after radar detection events;
*) wifi - improve regulatory compliance for L11, L22 devices;
*) wifi - improved interface initialization reliability on DFS channels;
*) wifi - improved stability of DFS check in the 5GHz-A band;
*) wifi - improved system stability when provisioning CAPs in certain cases;
*) wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
*) wifi - report current CAPsMAN address and identity on CAP;
*) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances;
*) wifi-qcom - updated driver;
*) winbox - added "Download" and "Flush" buttons under "System/Certificates/CRL" menu;
*) winbox - added "Flat Snoop" button under "WiFi" menu;
*) winbox - added "FT Preserve VLAN ID" setting under "WiFi/Configuration/FT" menu;
*) winbox - added "Request logout" button under "System/Users/Active Users" menu;
*) winbox - added "Trusted" checkbox under "System/Certificates/Import" menu;
*) winbox - added drop down menu for "User" property when importing SSH key under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added invalid flag under "IP/DHCP Relay" menu;
*) winbox - added key type and key length column for user SSH keys;
*) winbox - added missing SFP monitoring properties under "Interface/SFP" menu;
*) winbox - added passphrase option for SSH host key export;
*) winbox - added passphrase option for SSH host key import;
*) winbox - allow specifying size and rtmpfs size with M, G units under "System/Disks" menu;
*) winbox - allow to specify "M" or "G" postfix for download, upload or total limits under "User Manager/Limitations" menu;
*) winbox - do not show "Host Key Size" when using ed25519 key under "IP/SSH" menu;
*) winbox - fixed the issue where the skin file fails to appear in the user group menu after creation;
*) winbox - renamed "Channel" column to "Current Channel" under "Wifi" menu;
*) winbox - show "Valid Servers" and "Unknown Servers" column by default under "IP/DHCP Server/Alerts" menu;
*) winbox - show inherited properties for wifi interfaces;
*) winbox - show SIM settings for SXTR device under "Interfaces/LTE/Modem" menu;
*) winbox - updated icons for certain menus;
*) winbox - use correct values for "Jump Target" property under "IPv6/Firewall/Filter Rules" menu;
*) wireguard - added option to mark peer as responder only;
*) wireguard - added peer "name" field and display it in logs;
*) wireguard - do not attempt to connect to peer without specified endpoint-address;
*) wireguard - fixed "auto" argument usage for "private-key" and "preshared-key" settings;
*) wireguard - fixed performance issues showing QR code;
*) wireless - perform shorter channel availability check for 5600-5650MHz if regulatory domain permits it;
*) x86 - fixed ixgbe Tx hang by disabling TSO;
*) x86 - fixed VLAN tagged packet transmit for ice driver;
*) x86 - ice driver update to v1.13.7;
*) x86 - improved stability for RTL8125 driver;
*) x86 - ixgbe driver update to 5.19.9;
*) x86/chr - improved panic saving (increased minimal RAM requirements to 256MB);

top 1 comments
sorted by: hot top controversial new old
[–] Nogami 3 points 6 months ago

Just using a little HEX for my home network (recommended by a friend at the BBC who use mikrotik extensively).

No issues upgrading.