Маршрутизатори MikroTik | Обговорення маршрутизаторів компанії MikroTik на платформі RouterOS

[pelia]

Так, ось задачка з зірочкою,
Є така штука
RB SXT 5nD r2 - bridge
RBLHG5nD - station wds

Band 5GHz-A
Channel width 5MHz
Frequency 5500
Protocol nv2

Між нами пряма видимість 200м. Швидкість 3mbps виходить, треба більше,
Frequency mode по дефолту regularly domain
County etsi
Installation outdoor

Треба вижати з нього максимум (56 ніби схт дає), щоб органи не приїхали. Поставити інший бенд і збільшити ширину каналу?

[tablestikus]

pelia
направлені антени ще можна заюзати

[KVM]

Так, ось задачка з зірочкою,
Є така штука
RB SXT 5nD r2 - bridge
RBLHG5nD - station wds

Band 5GHz-A
Channel width 5MHz
Frequency 5500
Protocol nv2

Між нами пряма видимість 200м. Швидкість 3mbps виходить, треба більше,
Frequency mode по дефолту regularly domain
County etsi
Installation outdoor

Треба вижати з нього максимум (56 ніби схт дає), щоб органи не приїхали. Поставити інший бенд і збільшити ширину каналу?

Спробуйте:
ширину каналу поставити 20/40
Band - A/N
Frequency - попробувати на інших частотах

Які показники сигналу (CCQ і т.п.)?

[pelia]

pelia
направлені антени ще можна заюзати

та це вони ж і є)

Відправлено через 1 хвилину 32 секунди:

Так, ось задачка з зірочкою,
Є така штука
RB SXT 5nD r2 - bridge
RBLHG5nD - station wds

Band 5GHz-A
Channel width 5MHz
Frequency 5500
Protocol nv2

Між нами пряма видимість 200м. Швидкість 3mbps виходить, треба більше,
Frequency mode по дефолту regularly domain
County etsi
Installation outdoor

Треба вижати з нього максимум (56 ніби схт дає), щоб органи не приїхали. Поставити інший бенд і збільшити ширину каналу?

Спробуйте:
ширину каналу поставити 20/40
Band - A/N
Frequency - попробувати на інших частотах

Які показники сигналу (CCQ і т.п.)?

переключив на only-n, 20, ніби норм, поганяти спідтест на практиці зможу не раніше чим вже завтра

спойлер

[tablestikus]

pelia
направлені антени ще можна заюзати

та це вони ж і є)

Упс, я чогось подумав що це якісь с широким сектором

я як узгоджував лінію між ними? я якось давно був присутній по налаштуванню лінку на кілометр і там чуваки притягали якийсь пристрій з собою який коригував направлення антенного променя

[pelia]

та це вони ж і є)

Упс, я чогось подумав що це якісь с широким сектором

я як узгоджував лінію між ними? я якось давно був присутній по налаштуванню лінку на кілометр і там чуваки притягали якийсь пристрій з собою який коригував направлення антенного променя

Та на око, мені головне було запустити, так вже виявилося, що сусід не міг собі оптику провести, а у мене вийшло, а антени у обох є від старого провайдера, котрий здох.
Там же похибки хоть відбавляй дозволені(35 градусів), пряма видимість, 200м десь, коли вже налаштовано, то можна і покрутити.

Єдине що не можу нагуглити інфу по обмеженням, бо в ідеалі зробити все максимально чисто зі сторони закону. Я на стільки впав у відчай, що поліз в чатгпт питати, той каже що 30дБм для 5470-5725, все ніби вписується, але тому чатгпт довіри нема

[KVM]

pelia
направлені антени ще можна заюзати

та це вони ж і є)

Відправлено через 1 хвилину 32 секунди:

Спробуйте:
ширину каналу поставити 20/40
Band - A/N
Frequency - попробувати на інших частотах

Які показники сигналу (CCQ і т.п.)?

переключив на only-n, 20, ніби норм, поганяти спідтест на практиці зможу не раніше чим вже завтра

спойлер

По TX не дуже.
Спробуйте покрутити їх она на другу і спостерігайте за Signal Strength. В ідеалі добитися біля 50
Для більшої швидкості, ширину каналу спробуйте не 20 а 20/40XX
І Frequency на auto. Гляньте яку частоту вибере антена.

Відправлено через 6 хвилин 5 секунд:

Єдине що не можу нагуглити інфу по обмеженням, бо в ідеалі зробити все максимально чисто зі сторони закону. Я на стільки впав у відчай, що поліз в чатгпт питати, той каже що 30дБм для 5470-5725, все ніби вписується, але тому чатгпт довіри нема

Якщо по закону робити. то:
- Frequency Mode: Regulatory-domain
- Country: Ukraine.
- Skip DFS Channels: All

Перші два не довзолять антенам вилізти за межі по дозволених потужностях для WiFi
3ій параметр пропускатиме частоти на 5 Ггц де можуть військові працювати чи метеозонди.

[pelia]

та це вони ж і є)

Відправлено через 1 хвилину 32 секунди:


переключив на only-n, 20, ніби норм, поганяти спідтест на практиці зможу не раніше чим вже завтра

спойлер

По TX не дуже.
Спробуйте покрутити їх она на другу і спостерігайте за Signal Strength. В ідеалі добитися біля 50
Для більшої швидкості, ширину каналу спробуйте не 20 а 20/40XX
І Frequency на auto. Гляньте яку частоту вибере антена.

Відправлено через 6 хвилин 5 секунд:

Єдине що не можу нагуглити інфу по обмеженням, бо в ідеалі зробити все максимально чисто зі сторони закону. Я на стільки впав у відчай, що поліз в чатгпт питати, той каже що 30дБм для 5470-5725, все ніби вписується, але тому чатгпт довіри нема

Якщо по закону робити. то:
- Frequency Mode: Regulatory-domain
- Country: Ukraine.
- Skip DFS Channels: All

Перші два не довзолять антенам вилізти за межі по дозволених потужностях для WiFi
3ій параметр пропускатиме частоти на 5 Ггц де можуть військові працювати чи метеозонди.

Поставив 20/40хх, циферки стали як ви і казали, 50+ на Тх, буває і 80, залежить від того як дерева трясуться
Людина більш ніж задоволена тим що отримала, а я задоволений тим що мені абонка стала легшою на плечі

Відправлено через 1 годину 41 хвилину 58 секунд:
Так, тепер з'явилася інша проблема. Втрачається коннект і не відновлюється, схоже що проблема зі сторони master пристрою, бо коли я ребутаю антену, то коннект проходить. В чому може бути проблема?

Відправлено через 3 години 56 хвилин 22 секунди:
Ага, проблема то "radar detected" була, після чого лінк не вставав, змінив нарешті на Україну і скіп каналів, ніби перестало падати

[Alligator]

Перші два не довзолять антенам вилізти за межі по дозволених потужностях для WiFi
3ій параметр пропускатиме частоти на 5 Ггц де можуть військові працювати чи метеозонди.

В цілому ніхто не звертає уваги допоки не порушується одне з двох:
1. Не заважаєте роботі обладнанню провайдера
2. Не робите себе місцевим провайдером без ліцензій та дозволу ДССЗЗІ

[BorisBrejcha]

Mikrotik - 2 провайдери. Частина 3. Балансування.
Мікротік - 2 провайдери. Частина 2. Рекурсивні роути
Mikrotik - 2 провайдери, 2 способи.
Mikrotik. Налаштування VLAN. Налаштування гостьової мережі
Резервне копійювання MikroTik
Швидке налаштування Mikrotik для дому

[BorisBrejcha]

Завтра в Киеве Mikrotik training courses

[pelia]

З'явилась нова проблема.
На моїй стороні в логах disconnected control frame timeout
Поки сусід не ребутне у себе - лінку не буде. Сигнал нормальний, я чудово все виставив, Rx/tx CCQ 80-95%, в чому може бути справа?
Можна просто правило на ребут написати, коли лінк падає, але хотілось би більш детально розібратись. Зі сторони сусіда логи глянути не можу(
Сусід ще ні разу мені не дзвонив і не жалівся на з'єднання, але щось би зробити з цим, щоб не жалівся у майбутньому, хочеться туди взагалі не лізти більше

[SashkoS]

disconnected control frame timeout

Покажіть усі налаштування wireless і параметри працюючого лінка. Так само скан ефіру з кожної точки. Найчастіше така помилка з'являється на протоколі NV2 в умовах сильних перешкод і нестабільного сигналу.
NV2 працює по верх стандартного протоколу 802.11 тому потрібно відбудувати спочатку його.
Загальні рекомендації з налаштування радіоканалу точка -точка
1. Guard Interval - захисний інтервал встановити Long.
2. Домогтися однакових рівнів сигналу на прийом і передачу, тоді не будуть перемикатися швидкості. Tx/Rx -57dBm/-57dBm.
Для стандарту N у смузі 40 потрібно мати рівень сигналу сильніший за -61дБм, тоді досягатиметься максимальна швидкість передавання, відповідно використовуватиметься менше ефірного часу.
3. Збільшити кількість повторів Hw. Retries до максимуму (15)
Решта рекомендацій будуть як покажете свої налаштування та умови.

PS

Зі сторони сусіда логи глянути не можу

У чому проблема? звісно коли клієнта від'єднано бо перевищено Disconnect Timeout зв'язку немає, а коли лінк працює подивиться можливо?

[BorisBrejcha]

Вебінар RIPE NCC щодо процедур LIR для української Інтернет спільноти (12.06.2024)

[pelia]

disconnected control frame timeout

Покажіть усі налаштування wireless і параметри працюючого лінка. Так само скан ефіру з кожної точки. Найчастіше така помилка з'являється на протоколі NV2 в умовах сильних перешкод і нестабільного сигналу.
NV2 працює по верх стандартного протоколу 802.11 тому потрібно відбудувати спочатку його.
Загальні рекомендації з налаштування радіоканалу точка -точка
1. Guard Interval - захисний інтервал встановити Long.
2. Домогтися однакових рівнів сигналу на прийом і передачу, тоді не будуть перемикатися швидкості. Tx/Rx -57dBm/-57dBm.
Для стандарту N у смузі 40 потрібно мати рівень сигналу сильніший за -61дБм, тоді досягатиметься максимальна швидкість передавання, відповідно використовуватиметься менше ефірного часу.
3. Збільшити кількість повторів Hw. Retries до максимуму (15)
Решта рекомендацій будуть як покажете свої налаштування та умови.

PS

Зі сторони сусіда логи глянути не можу

У чому проблема? звісно коли клієнта від'єднано бо перевищено Disconnect Timeout зв'язку немає, а коли лінк працює подивиться можливо?

Дякую за допомогу, але я нарешті зв'язався з сусідом (це підприємець) і виявилося що він просто все вимикає в себе, коли нікого немає на території, а я вже собі надумав і хвилювався, правила на перезавантаження при втраті коннекту написав

[SashkoS]

Новинка від Мікротік


Відправлено через 58 хвилин 38 секунд:
Квітневий бюлетень
Newsletter #124
https://mt.lv/news124

[SashkoS]

Вийшов перший реліз кандідат 7.19rc1

спойлер

What's new in 7.19rc1 (2025-Apr-28 16:02):

*) arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
*) bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
*) conntrack - improved stability on busy systems;
*) console - print large number argument values in proper format in export output;
*) defconf - added DHCP Client on RDS2216 MGMT interface;
*) defconf - increased PPP interface wait time;
*) disk - renamed "eject-drive" command to "eject" (CLI only);
*) disk - renamed "format-drive" command to "format" (CLI only);
*) ip-service - show all TCP/UDP connections on the system (additional fixes);
*) ip-service - show all TCP/UDP ports on system, including ports in containers (additional fixes);
*) ipsec - fixed system failure on MMIPS devices when using IPsec services;
*) l3hw - fixed FastTrack/NAT packet routing over VLAN directly assigned to a switch port (introduced in v7.19beta3)
*) lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
*) lte - fixed EC200A-EU APN authentication;
*) lte - fixed LTE passthrough activation issue when IPv6 APN is used;
*) lte - fixed MBIM modem recovery after modem unexpected restart;
*) lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
*) lte - initialize Quectel modems as soon as they are ready after unexpected restart;
*) lte - show correct value for 5G SA "current-cellid";
*) ovpn-server - fixed server start-up after a reboot;
*) ovpn-server - properly show "username" in log when authentication fails;
*) ptp - fixed PTP on 2.5G links;
*) ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
*) rose-storage - added degraded Btrfs mount option (CLI only);
*) rose-storage - improved system stability when removing NVMe disks;
*) rose-storage - rename default RAID device name from "raid" to "raid-array;
*) queue - speed-up queue addition/removal process;
*) snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
*) upgrade - improved free disk space calculation;
*) upgrade - improved upgrade procedure reliability;
*) vxlan -improved system stability when using IPv6 VTEP;
*) wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
*) winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
*) winbox - added missing "Switch" menu for RDS;
*) winbox - added missing file systems for disk formatting;
*) winbox - added missing parameters for BTRFS related action functions;
*) winbox - added mount-point parameter under "Disk/Settings" menu;
*) winbox - allow opening BTRFS menu entries;
*) winbox - fixed "registry-url" field under "Containers" configuration menu;
*) winbox - fixed several statistics counters not being read only;
*) winbox - fixed time interval type fields precision under "Disks" menu;
*) winbox - make BTRFS "Parent" and "Send Parent" options optional;
*) winbox - renamed "raid-member" to "raid member" flag for consistency;
*) winbox - show eSIM profiles under eSIM menu without manual refresh;

Other changes since v7.18:

*) arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
*) bgp - added input.filter-community;
*) bgp - fixed excessive CPU usage;
*) bgp - fixed input.accept-community;
*) bgp - fixed memory leak on receiving notify and closing session;
*) bgp - improved performance on BGP input;
*) bonding - added setting for LACP active/passive modes;
*) bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
*) bridge - fixed bridge port hang when using invalid port IDs;
*) bridge - fixed dhcp-snooping in QinQ setups (additional fixes);
*) bridge - fixed issue when local MACs were removed unnecessarily;
*) bridge - fixed minor memory leak on link down;
*) bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
*) bridge - improved default bridge and port layout on console and GUI;
*) bridge - improved stability in case of configuration error (introduced in v7.15);
*) bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
*) bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
*) bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
*) bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
*) bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
*) bridge - show designated-* monitor field for all port roles;
*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
*) capsman - fixed "undo" command for cap interfaces;
*) certificate - added built-in root certificate authorities store (additional fixes);
*) certificate - do not include CA identity in SCEP POST requests;
*) certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - improve error message when trying to use certificate;
*) certificate - optimize trust store;
*) cloud - fixed issues when BTH is toggled fast between enable/disable;
*) cloud - improved "BTH Files" web page design;
*) console - added on-error to "for" and "foreach" loops;
*) console - added proplist to monitor command;
*) console - disallow incomplete double-quoted arguments (allows multiline string pasting);
*) console - do not treat return values as errors in scripts run from scheduler;
*) console - enabled verbose error logging for non-scripted/non-verbose imports;
*) console - fixed issue with file-name completion (introduced in v7.18);
*) console - fixed issue with files when using scripts (introduced in v7.18);
*) console - fixed misaligned multiline in brief print mode;
*) console - improve time value handling;
*) console - improved file add/remove process stability;
*) console - set "/system/note show-at-login=yes" the default value after configuration reset;
*) console - validate script arguments (do, on-error, etc.) and reject invalid values;
*) container - allow changing container name;
*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;
*) container - try to derive a user readable container name from remote image or file;
*) device-mode - added new "rose" mode where "container" feature is enabled by default;
*) dhcp-server - improved stability when dual stack is used and one of the servers is removed (introduced in v7.19beta2);
*) dhcpv4 - improved outgoing packet logging;
*) dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
*) dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
*) dhcpv4-server - accept packets with htype 6;
*) dhcpv4/v6-client - added check-gateway parameter;
*) dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
*) dhcpv6-client - allow selecting to which routing tables add default route;
*) dhcpv6-relay - clear saved routes on DHCP release;
*) dhcpv6-relay - show client address;
*) dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
*) dhcpv6-server - change bound status to waiting on binding disable;
*) dhcpv6-server - change static binding bound status to waiting on server disable;
*) dhcpv6-server - fix when expired static binding is declined with false "binding belogs to another server" reason;
*) dhcpv6-server - improved stability when disabled server have static bindings;
*) dhcpv6-server - improved stability when disabling server with active bindings;
*) disk - add "sector-size" property in print detail;
*) disk - add reset-counters to /disk btrfs filesystem;
*) dlna - improved folder indexing behavior;
*) dns - improved DNS server service stability;
*) dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
*) ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
*) fetch - fixed false successful messages in FTP mode;
*) file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
*) file - fixed missing files from The Dude (introduced in v7.18);
*) file - improved responsiveness on slow filesystems;
*) firewall - always show "passthrough" when exporting mangle table;
*) firewall - detect VRF addresses as local;
*) firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
*) health - hide settings in CLI if there is nothing to show;
*) health - improved performance on devices with simple voltage sensors;
*) hotspot - improvements to memory usage;
*) igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
*) ike2 - improved initial key exchange process on slow or unreliable connections;
*) iot - improvement to lora dev-addr-validation behavior;
*) iot - improvement to lora join eui/net id filtering behavior;
*) ip-service - show error message when service enable fails;
*) ippool6 - properly free IPv6 pool used prefix when it is not used any more;
*) ipsec - lower standalone cipher, hash priority when using ctr aead;
*) ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
*) ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
*) isis - properly validate 3-way hello handshake;
*) l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
*) log - added additional CEF fields from firewall and login logs;
*) log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
*) log - populate in/out fields in firewall CEF logs with correct data;
*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
*) lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
*) lte - added UICC parameter in LTE monitor for R11e-4G modem;
*) lte - additional fixes for eSIM management support;
*) lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
*) lte - fixed initialization for Neoway N75 modem;
*) lte - fixed initialization for R11e-LTE6 modem;
*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
*) lte - improved dialer for EC200A-EU modem;
*) lte - initial support for user settable modem redial timer;
*) lte - reset internal link-recovery-timer on sim slot change;
*) lte - set apn profile name the same as apn if no name specified when creating the profile;
*) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
*) netinstall - fixed issue with launching the app (introduced in v7.19beta2);
*) netinstall - improved network socket re-opening when NIC status changes while running the server (additional fixes);
*) netinstall - provide warning if memory on installed router is full after installation;
*) netinstall - show warning when network configuration on PC might not be appropriate for installation;
*) netinstall-cli - check for other running Netinstall servers on startup;
*) netinstall-cli - clear old configuration before user script using "-s";
*) netinstall-cli - fixed issue with applying the branding package;
*) ospf - fixed "mismatch" typo in logs;
*) ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
*) ovpn-server - do not reset active connections when changing comment or name;
*) pimsm - fixed issue where own query caused querier detection;
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added USB mode switch support for "huawei-alt-mode";
*) port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
*) port - improvements to KNOT BG77 modem port channel handling;
*) ppc - fixed VLAN TCP packet transmit on PPC devices;
*) profiler - improved process classification;
*) ptp - added "ptp" logging topic;
*) ptp - allow multiple instances;
*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
*) quickset - improved system stability;
*) rose-storage - added Btrfs disk balance command (CLI only);
*) rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
*) rose-storage - fixes for btrfs;
*) rose-storage - show btrfs balance and scrub errors if any;
*) route - added options to set dynamic-in and connected-in chains in /routing/settings;
*) route - fixed stuck output when calling prints from multiple routing menus;
*) route - improve stability on BGP reconnect;
*) route - make AFI naming consistent;
*) route - show BGP session name instead of cache-id;
*) route-filter - fixed the "blackhole" option setting process;
*) route-filter - improved performance;
*) sfp - added sfp-encoding data output from EEPROM;
*) sfp - improved QSFP link stability for CRS354 devices;
*) sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
*) ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
*) ssl/tls - respond with more precise alert error messages;
*) ssl/tls - send certificate authority in Certificate message even if it is not trusted;
*) switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
*) switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
*) switch - flush CPU port FDB entries on switch disable;
*) switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
*) switch - improved boot stability on devices with Alpine CPU and switch chip;
*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
*) system - fixed "/system reboot" when the system disk is completely full;
*) system - improved internal "flash/" prefix handling for different file path related settings;
*) system - improved system stability when sending TCP data from the router;
*) torch - improved data reporting;
*) webfig - allow table column resize over side toolbar;
*) webfig - don't reorder rows when selecting header cells with Alt+click;
*) webfig - fixed graphs appearance under "Tools/Graphing" menu (introduced in 7.19beta2);
*) webfig - show IPv6 firewall connections;
*) webfig - show missing data in "IP/DNS/Cache" records;
*) wifi - add channel.reselect-time parameter which allows to perform channel re-sellection at given time of day (CLI only);
*) wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
*) wifi - added "eap-identity" to registration table;
*) wifi - added SSID to logs;
*) wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
*) wifi - fix authentication of clients which omit some RSN information at association;
*) wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
*) wifi - fix possible snooper crash when parsing frames with malformed headers;
*) wifi - fixed incorrect attribution of 802.11be capability to 802.11ax APs in output of scan command (introduced in v7.19beta2);
*) wifi - fixed sending of reassociation response frames (introduced in v7.19beta2);
*) wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
*) wifi - improve parsing of captured frames which have nested flags in radiotap header;
*) wifi - improved stability for wifi interfaces;
*) wifi - improved wifi connection stability when used as a station for "b" mode access point;
*) wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
*) wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs (additional fixes);
*) wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
*) wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
*) winbox - added "MAC Telnet" under "Wifi/Registration" menu;
*) winbox - added "Multi Passphrase Group" for wifi;
*) winbox - added "Reset MAC address" for legacy wireless and wifi;
*) winbox - added comment under "User Manager/Routers" menu;
*) winbox - added country to wireless setup-repeater;
*) winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
*) winbox - changed default wireless wds-cost-range values;
*) winbox - do not show not relevant values for certificate template;
*) winbox - fixed "Multi Passphrase Group" setting for wifi;
*) winbox - fixed missing SMB client on non-ROSE devices;
*) winbox - fixed switch menu for Chateau 5G;
*) winbox - improve graphing efficiency when communicating with WinBox;
*) wireguard - add wg-import config-string parameter to import config directly from terminal;
*) wireguard - update peer info on "get" command;
*) wireless - added "eap-identity" to registration table;
*) wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
*) wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
*) x86 - added support for Emulex NIC;
*) x86 - i40e updated driver to 2.27.8 version;
*) x86 - remove unnecessary console output on shutdown;

[SashkoS]

Вийшов наступний реліз кандідат 7.19rc2

спойлер

What's new in 7.19rc2 (2025-May-07 10:32):

*) device-mode - fixed print command (introduced in v7.19rc1);
*) ip-service - show all TCP/UDP ports on system, including ports in containers (additional fixes);
*) lte - deactivate current eSIM profile before activating new profile;
*) lte - fixed default APN for configless modems;
*) route - fixed route rule "min-prefix" unset;
*) route - show "routing-table" by default on console print output;
*) switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
*) timezone - updated timezone information from "tzdata2025b" release;
*) winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;

Other changes since v7.18:

*) arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
*) arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
*) bgp - added input.filter-community;
*) bgp - fixed excessive CPU usage;
*) bgp - fixed input.accept-community;
*) bgp - fixed memory leak on receiving notify and closing session;
*) bgp - improved performance on BGP input;
*) bonding - added setting for LACP active/passive modes;
*) bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
*) bridge - fixed bridge port hang when using invalid port IDs;
*) bridge - fixed dhcp-snooping in QinQ setups (additional fixes);
*) bridge - fixed issue when local MACs were removed unnecessarily;
*) bridge - fixed minor memory leak on link down;
*) bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
*) bridge - improved default bridge and port layout on console and GUI;
*) bridge - improved stability in case of configuration error (introduced in v7.15);
*) bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
*) bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
*) bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
*) bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
*) bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
*) bridge - show designated-* monitor field for all port roles;
*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
*) bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
*) capsman - fixed "undo" command for cap interfaces;
*) certificate - added built-in root certificate authorities store (additional fixes);
*) certificate - do not include CA identity in SCEP POST requests;
*) certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - improve error message when trying to use certificate;
*) certificate - optimize trust store;
*) cloud - fixed issues when BTH is toggled fast between enable/disable;
*) cloud - improved "BTH Files" web page design;
*) conntrack - improved stability on busy systems;
*) console - added on-error to "for" and "foreach" loops;
*) console - added proplist to monitor command;
*) console - disallow incomplete double-quoted arguments (allows multiline string pasting);
*) console - do not treat return values as errors in scripts run from scheduler;
*) console - enabled verbose error logging for non-scripted/non-verbose imports;
*) console - fixed issue with file-name completion (introduced in v7.18);
*) console - fixed issue with files when using scripts (introduced in v7.18);
*) console - fixed misaligned multiline in brief print mode;
*) console - improve time value handling;
*) console - improved file add/remove process stability;
*) console - print large number argument values in proper format in export output;
*) console - set "/system/note show-at-login=yes" the default value after configuration reset;
*) console - validate script arguments (do, on-error, etc.) and reject invalid values;
*) container - allow changing container name;
*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;
*) container - try to derive a user readable container name from remote image or file;
*) defconf - added DHCP Client on RDS2216 MGMT interface;
*) defconf - increased PPP interface wait time;
*) device-mode - added new "rose" mode where "container" feature is enabled by default;
*) dhcp-server - improved stability when dual stack is used and one of the servers is removed (introduced in v7.19beta2);
*) dhcpv4 - improved outgoing packet logging;
*) dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
*) dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
*) dhcpv4-server - accept packets with htype 6;
*) dhcpv4/v6-client - added check-gateway parameter;
*) dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
*) dhcpv6-client - allow selecting to which routing tables add default route;
*) dhcpv6-relay - clear saved routes on DHCP release;
*) dhcpv6-relay - show client address;
*) dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
*) dhcpv6-server - change bound status to waiting on binding disable;
*) dhcpv6-server - change static binding bound status to waiting on server disable;
*) dhcpv6-server - fix when expired static binding is declined with false "binding belogs to another server" reason;
*) dhcpv6-server - improved stability when disabled server have static bindings;
*) dhcpv6-server - improved stability when disabling server with active bindings;
*) disk - add "sector-size" property in print detail;
*) disk - add reset-counters to /disk btrfs filesystem;
*) disk - renamed "eject-drive" command to "eject" (CLI only);
*) disk - renamed "format-drive" command to "format" (CLI only);
*) dlna - improved folder indexing behavior;
*) dns - improved DNS server service stability;
*) dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
*) ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
*) fetch - fixed false successful messages in FTP mode;
*) file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
*) file - fixed missing files from The Dude (introduced in v7.18);
*) file - improved responsiveness on slow filesystems;
*) firewall - always show "passthrough" when exporting mangle table;
*) firewall - detect VRF addresses as local;
*) firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
*) health - hide settings in CLI if there is nothing to show;
*) health - improved performance on devices with simple voltage sensors;
*) hotspot - improvements to memory usage;
*) igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
*) ike2 - improved initial key exchange process on slow or unreliable connections;
*) iot - improvement to lora dev-addr-validation behavior;
*) iot - improvement to lora join eui/net id filtering behavior;
*) ip-service - show all TCP/UDP connections on the system (additional fixes);
*) ip-service - show error message when service enable fails;
*) ippool6 - properly free IPv6 pool used prefix when it is not used any more;
*) ipsec - fixed system failure on MMIPS devices when using IPsec services;
*) ipsec - lower standalone cipher, hash priority when using ctr aead;
*) ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
*) ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
*) isis - properly validate 3-way hello handshake;
*) l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
*) l3hw - fixed FastTrack/NAT packet routing over VLAN directly assigned to a switch port (introduced in v7.19beta3)
*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
*) log - added additional CEF fields from firewall and login logs;
*) log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
*) log - populate in/out fields in firewall CEF logs with correct data;
*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
*) lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
*) lte - added UICC parameter in LTE monitor for R11e-4G modem;
*) lte - additional fixes for eSIM management support;
*) lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
*) lte - fixed EC200A-EU APN authentication;
*) lte - fixed LTE passthrough activation issue when IPv6 APN is used;
*) lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
*) lte - fixed MBIM modem recovery after modem unexpected restart;
*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
*) lte - fixed initialization for Neoway N75 modem;
*) lte - fixed initialization for R11e-LTE6 modem;
*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
*) lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
*) lte - improved dialer for EC200A-EU modem;
*) lte - initial support for user settable modem redial timer;
*) lte - initialize Quectel modems as soon as they are ready after unexpected restart;
*) lte - reset internal link-recovery-timer on sim slot change;
*) lte - set apn profile name the same as apn if no name specified when creating the profile;
*) lte - show correct value for 5G SA "current-cellid";
*) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
*) netinstall - fixed issue with launching the app (introduced in v7.19beta2);
*) netinstall - improved network socket re-opening when NIC status changes while running the server (additional fixes);
*) netinstall - provide warning if memory on installed router is full after installation;
*) netinstall - show warning when network configuration on PC might not be appropriate for installation;
*) netinstall-cli - check for other running Netinstall servers on startup;
*) netinstall-cli - clear old configuration before user script using "-s";
*) netinstall-cli - fixed issue with applying the branding package;
*) ospf - fixed "mismatch" typo in logs;
*) ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
*) ovpn-server - do not reset active connections when changing comment or name;
*) ovpn-server - fixed server start-up after a reboot;
*) ovpn-server - properly show "username" in log when authentication fails;
*) pimsm - fixed issue where own query caused querier detection;
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added USB mode switch support for "huawei-alt-mode";
*) port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
*) port - improvements to KNOT BG77 modem port channel handling;
*) ppc - fixed VLAN TCP packet transmit on PPC devices;
*) profiler - improved process classification;
*) ptp - added "ptp" logging topic;
*) ptp - allow multiple instances;
*) ptp - fixed PTP on 2.5G links;
*) ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
*) queue - speed-up queue addition/removal process;
*) quickset - improved system stability;
*) rose-storage - added Btrfs disk balance command (CLI only);
*) rose-storage - added degraded Btrfs mount option (CLI only);
*) rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
*) rose-storage - fixes for btrfs;
*) rose-storage - improved system stability when removing NVMe disks;
*) rose-storage - rename default RAID device name from "raid" to "raid-array;
*) rose-storage - show btrfs balance and scrub errors if any;
*) route - added options to set dynamic-in and connected-in chains in /routing/settings;
*) route - fixed stuck output when calling prints from multiple routing menus;
*) route - improve stability on BGP reconnect;
*) route - make AFI naming consistent;
*) route - show BGP session name instead of cache-id;
*) route-filter - fixed the "blackhole" option setting process;
*) route-filter - improved performance;
*) sfp - added sfp-encoding data output from EEPROM;
*) sfp - improved QSFP link stability for CRS354 devices;
*) sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
*) snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
*) ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
*) ssl/tls - respond with more precise alert error messages;
*) ssl/tls - send certificate authority in Certificate message even if it is not trusted;
*) switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
*) switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
*) switch - flush CPU port FDB entries on switch disable;
*) switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
*) switch - improved boot stability on devices with Alpine CPU and switch chip;
*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
*) system - fixed "/system reboot" when the system disk is completely full;
*) system - improved internal "flash/" prefix handling for different file path related settings;
*) system - improved system stability when sending TCP data from the router;
*) torch - improved data reporting;
*) upgrade - improved free disk space calculation;
*) upgrade - improved upgrade procedure reliability;
*) vxlan -improved system stability when using IPv6 VTEP;
*) webfig - allow table column resize over side toolbar;
*) webfig - don't reorder rows when selecting header cells with Alt+click;
*) webfig - fixed graphs appearance under "Tools/Graphing" menu (introduced in 7.19beta2);
*) webfig - show IPv6 firewall connections;
*) webfig - show missing data in "IP/DNS/Cache" records;
*) wifi - add channel.reselect-time parameter which allows to perform channel re-sellection at given time of day (CLI only);
*) wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
*) wifi - added "eap-identity" to registration table;
*) wifi - added SSID to logs;
*) wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
*) wifi - fix authentication of clients which omit some RSN information at association;
*) wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
*) wifi - fix possible snooper crash when parsing frames with malformed headers;
*) wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
*) wifi - fixed incorrect attribution of 802.11be capability to 802.11ax APs in output of scan command (introduced in v7.19beta2);
*) wifi - fixed sending of reassociation response frames (introduced in v7.19beta2);
*) wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
*) wifi - improve parsing of captured frames which have nested flags in radiotap header;
*) wifi - improved stability for wifi interfaces;
*) wifi - improved wifi connection stability when used as a station for "b" mode access point;
*) wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
*) wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs (additional fixes);
*) wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
*) wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
*) winbox - added "MAC Telnet" under "Wifi/Registration" menu;
*) winbox - added "Multi Passphrase Group" for wifi;
*) winbox - added "Reset MAC address" for legacy wireless and wifi;
*) winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
*) winbox - added comment under "User Manager/Routers" menu;
*) winbox - added country to wireless setup-repeater;
*) winbox - added missing "Switch" menu for RDS;
*) winbox - added missing file systems for disk formatting;
*) winbox - added missing parameters for BTRFS related action functions;
*) winbox - added mount-point parameter under "Disk/Settings" menu;
*) winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
*) winbox - allow opening BTRFS menu entries;
*) winbox - changed default wireless wds-cost-range values;
*) winbox - do not show not relevant values for certificate template;
*) winbox - fixed "Multi Passphrase Group" setting for wifi;
*) winbox - fixed "registry-url" field under "Containers" configuration menu;
*) winbox - fixed missing SMB client on non-ROSE devices;
*) winbox - fixed several statistics counters not being read only;
*) winbox - fixed switch menu for Chateau 5G;
*) winbox - fixed time interval type fields precision under "Disks" menu;
*) winbox - improve graphing efficiency when communicating with WinBox;
*) winbox - make BTRFS "Parent" and "Send Parent" options optional;
*) winbox - renamed "raid-member" to "raid member" flag for consistency;
*) winbox - show eSIM profiles under eSIM menu without manual refresh;
*) wireguard - add wg-import config-string parameter to import config directly from terminal;
*) wireguard - update peer info on "get" command;
*) wireless - added "eap-identity" to registration table;
*) wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
*) wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
*) x86 - added support for Emulex NIC;
*) x86 - i40e updated driver to 2.27.8 version;
*) x86 - remove unnecessary console output on shutdown;

[SashkoS]

Про eSIM від мікротік
Останні версії РОС мають підтримку eSIM

Відповідь служби підтримки MikroTik:
eSIM – це програмне рішення, але воно також вимагає апаратного забезпечення, спеціального модуля, тобто чіпа eSIM, де безпечно зберігаються ідентифікаційні дані абонентів (профілі eSIM).
Наразі у нас немає продуктів із вбудованим чіпом eSIM. Тому на даний момент функціональність eSIM можна використовувати/тестувати з:
- модемами сторонніх виробників, що містять чіп eSIM
- eSIM у вигляді фізичних SIM-карт

[SashkoS]

Вийшла нова ROS 7.19 stable

спойлер

What's new in 7.19 (2025-May-22 10:53):

*) arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
*) arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
*) bgp - added input.filter-community;
*) bgp - fixed excessive CPU usage;
*) bgp - fixed input.accept-community;
*) bgp - fixed memory leak on receiving notify and closing session;
*) bgp - improved performance on BGP input;
*) bonding - added setting for LACP active/passive modes;
*) bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
*) bridge - fixed bridge port hang when using invalid port IDs;
*) bridge - fixed dhcp-snooping in QinQ setups;
*) bridge - fixed issue when local MACs were removed unnecessarily;
*) bridge - fixed minor memory leak on link down;
*) bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
*) bridge - improved default bridge and port layout on console and GUI;
*) bridge - improved stability in case of configuration error (introduced in v7.15);
*) bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
*) bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
*) bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
*) bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
*) bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
*) bridge - show designated-* monitor field for all port roles;
*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
*) bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
*) capsman - fixed "undo" command for cap interfaces;
*) certificate - added built-in root certificate authorities store;
*) certificate - do not include CA identity in SCEP POST requests;
*) certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - improve error message when trying to use certificate;
*) certificate - optimize trust store;
*) cloud - fixed issues when BTH is toggled fast between enable/disable;
*) cloud - improved "BTH Files" web page design;
*) conntrack - improved stability on busy systems;
*) console - added on-error to "for" and "foreach" loops;
*) console - added proplist to monitor command;
*) console - disallow incomplete double-quoted arguments (allows multiline string pasting);
*) console - do not treat return values as errors in scripts run from scheduler;
*) console - enabled verbose error logging for non-scripted/non-verbose imports;
*) console - fixed issue with file-name completion (introduced in v7.18);
*) console - fixed issue with files when using scripts (introduced in v7.18);
*) console - fixed misaligned multiline in brief print mode;
*) console - improve time value handling;
*) console - improved file add/remove process stability;
*) console - print large number argument values in proper format in export output;
*) console - set "/system/note show-at-login=yes" the default value after configuration reset;
*) console - validate script arguments (do, on-error, etc.) and reject invalid values;
*) container - allow changing container name;
*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;
*) container - try to derive a user readable container name from remote image or file;
*) defconf - added DHCP Client on RDS2216 MGMT interface;
*) defconf - increased PPP interface wait time;
*) device-mode - added new "rose" mode where "container" feature is enabled by default;
*) dhcpv4 - improved outgoing packet logging;
*) dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
*) dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
*) dhcpv4-server - accept packets with htype 6;
*) dhcpv4/v6-client - added check-gateway parameter;
*) dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
*) dhcpv6-client - allow selecting to which routing tables add default route;
*) dhcpv6-relay - clear saved routes on DHCP release;
*) dhcpv6-relay - show client address;
*) dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
*) dhcpv6-server - change bound status to waiting on binding disable;
*) dhcpv6-server - change static binding bound status to waiting on server disable;
*) dhcpv6-server - fix when expired static binding is declined with false "binding belongs to another server" reason;
*) dhcpv6-server - improved stability when disabled server have static bindings;
*) dhcpv6-server - improved stability when disabling server with active bindings;
*) disk - add "sector-size" property in print detail;
*) disk - add reset-counters to /disk btrfs filesystem;
*) disk - renamed "eject-drive" command to "eject" (CLI only);
*) disk - renamed "format-drive" command to "format" (CLI only);
*) dlna - improved folder indexing behavior;
*) dns - improved DNS server service stability;
*) dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
*) ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
*) fetch - fixed false successful messages in FTP mode;
*) file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
*) file - fixed missing files from The Dude (introduced in v7.18);
*) file - improved responsiveness on slow filesystems;
*) firewall - always show "passthrough" when exporting mangle table;
*) firewall - detect VRF addresses as local;
*) firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
*) health - hide settings in CLI if there is nothing to show;
*) health - improved performance on devices with simple voltage sensors;
*) hotspot - improvements to memory usage;
*) igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
*) ike2 - improved initial key exchange process on slow or unreliable connections;
*) iot - improvement to LoRa dev-addr-validation behavior;
*) iot - improvement to LoRa join eui/net id filtering behavior;
*) iot - improvement to LoRa stability and functionality;
*) iot - improvement to LoRa whitelist/blacklist support;
*) iot - iot-bt-extra package stability improvement;
*) ip-service - show all TCP/UDP connections on the system;
*) ip-service - show all TCP/UDP ports on system, including ports in containers;
*) ip-service - show error message when service enable fails;
*) ippool6 - properly free IPv6 pool used prefix when it is not used any more;
*) ipsec - fixed system failure on MMIPS devices when using IPsec services;
*) ipsec - lower standalone cipher, hash priority when using ctr aead;
*) ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
*) ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
*) isis - properly validate 3-way hello handshake;
*) l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
*) log - added additional CEF fields from firewall and login logs;
*) log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
*) log - populate in/out fields in firewall CEF logs with correct data;
*) lte - added UICC parameter in LTE monitor for R11e-4G modem;
*) lte - additional fixes for eSIM management support;
*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
*) lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
*) lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
*) lte - deactivate current eSIM profile before activating new profile;
*) lte - fixed default APN for configless modems;
*) lte - fixed EC200A-EU APN authentication;
*) lte - fixed initialization for Neoway N75 modem;
*) lte - fixed initialization for R11e-LTE6 modem;
*) lte - fixed LTE passthrough activation issue when IPv6 APN is used;
*) lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
*) lte - fixed MBIM modem recovery after modem unexpected restart;
*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
*) lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
*) lte - improved dialer for EC200A-EU modem;
*) lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;
*) lte - initial support for user settable modem redial timer;
*) lte - initialize Quectel modems as soon as they are ready after unexpected restart;
*) lte - reset internal link-recovery-timer on sim slot change;
*) lte - set apn profile name the same as apn if no name specified when creating the profile;
*) lte - show correct value for 5G SA "current-cellid";
*) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
*) netinstall - improved network socket re-opening when NIC status changes while running the server;
*) netinstall - provide warning if memory on installed router is full after installation;
*) netinstall - show warning when network configuration on PC might not be appropriate for installation;
*) netinstall-cli - check for other running Netinstall servers on startup;
*) netinstall-cli - clear old configuration before user script using "-s";
*) netinstall-cli - fixed issue with applying the branding package;
*) ospf - fixed "mismatch" typo in logs;
*) ospf - make auth-key parameter sensitive;
*) ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
*) ovpn-server - do not reset active connections when changing comment or name;
*) ovpn-server - fixed server start-up after a reboot;
*) ovpn-server - properly show "username" in log when authentication fails;
*) pimsm - fixed issue where own query caused querier detection;
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
*) port - added USB mode switch support for "huawei-alt-mode";
*) port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;
*) port - improvements to KNOT BG77 modem port channel handling;
*) ppc - fixed VLAN TCP packet transmit on PPC devices;
*) profiler - improved process classification;
*) ptp - added "ptp" logging topic;
*) ptp - allow multiple instances;
*) ptp - fixed PTP on 2.5G links;
*) ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
*) queue - speed-up queue addition/removal process;
*) quickset - improved system stability;
*) rose-storage - added Btrfs disk balance command (CLI only);
*) rose-storage - added degraded Btrfs mount option (CLI only);
*) rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
*) rose-storage - fixes for Btrfs;
*) rose-storage - improved system stability when removing NVMe disks;
*) rose-storage - rename default RAID device name from "raid" to "raid-array";
*) rose-storage - show Btrfs balance and scrub errors if any;
*) route - added options to set dynamic-in and connected-in chains in /routing/settings;
*) route - fixed stuck output when calling prints from multiple routing menus;
*) route - fixed route rule "min-prefix" unset;
*) route - improve stability on BGP reconnect;
*) route - make AFI naming consistent;
*) route - show "routing-table" by default on console print output;
*) route - show BGP session name instead of cache-id;
*) route-filter - fixed the "blackhole" option setting process;
*) route-filter - improved performance;
*) sfp - added sfp-encoding data output from EEPROM;
*) sfp - improved QSFP link stability for CRS354 devices;
*) sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
*) snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
*) ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
*) ssl/tls - respond with more precise alert error messages;
*) ssl/tls - send certificate authority in Certificate message even if it is not trusted;
*) switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
*) switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
*) switch - fixed switch name for hEX Refresh;
*) switch - flush CPU port FDB entries on switch disable;
*) switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
*) switch - improved boot stability on devices with Alpine CPU and switch chip;
*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
*) switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
*) system - fixed "/system reboot" when the system disk is completely full;
*) system - improved internal "flash/" prefix handling for different file path related settings;
*) system - improved system stability when sending TCP data from the router;
*) system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products;
*) timezone - updated timezone information from "tzdata2025b" release;
*) torch - improved data reporting;
*) upgrade - improved free disk space calculation;
*) upgrade - improved upgrade procedure reliability;
*) vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);
*) vxlan -improved system stability when using IPv6 VTEP;
*) webfig - allow table column resize over side toolbar;
*) webfig - don't reorder rows when selecting header cells with Alt+click;
*) webfig - show IPv6 firewall connections;
*) webfig - show missing data in "IP/DNS/Cache" records;
*) wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);
*) wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
*) wifi - added "eap-identity" to registration table;
*) wifi - added SSID to logs;
*) wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
*) wifi - fix authentication of clients which omit some RSN information at association;
*) wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
*) wifi - fix possible snooper crash when parsing frames with malformed headers;
*) wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
*) wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
*) wifi - improve parsing of captured frames which have nested flags in radiotap header;
*) wifi - improved stability for wifi interfaces;
*) wifi - improved stability when doing SNMP query;
*) wifi - improved wifi connection stability when used as a station for "b" mode access point;
*) wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
*) wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;
*) wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
*) wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
*) winbox - added "MAC Telnet" under "Wifi/Registration" menu;
*) winbox - added "Multi Passphrase Group" for wifi;
*) winbox - added "Reset MAC address" for legacy wireless and wifi;
*) winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
*) winbox - added comment under "User Manager/Routers" menu;
*) winbox - added country to wireless setup-repeater;
*) winbox - added missing "Switch" menu for RDS;
*) winbox - added missing file systems for disk formatting;
*) winbox - added missing parameters for BTRFS related action functions;
*) winbox - added mount-point parameter under "Disk/Settings" menu;
*) winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
*) winbox - allow opening BTRFS menu entries;
*) winbox - changed default wireless wds-cost-range values;
*) winbox - do not show not relevant values for certificate template;
*) winbox - fixed "Multi Passphrase Group" setting for wifi;
*) winbox - fixed "registry-url" field under "Containers" configuration menu;
*) winbox - fixed missing SMB client on non-ROSE devices;
*) winbox - fixed several statistics counters not being read only;
*) winbox - fixed switch menu for Chateau 5G;
*) winbox - fixed time interval type fields precision under "Disks" menu;
*) winbox - hide container File/Remote Image fields only when instance added;
*) winbox - improve graphing efficiency when communicating with WinBox;
*) winbox - make BTRFS "Parent" and "Send Parent" options optional;
*) winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;
*) winbox - renamed "raid-member" to "raid member" flag for consistency;
*) winbox - show eSIM profiles under eSIM menu without manual refresh;
*) wireguard - add wg-import config-string parameter to import config directly from terminal;
*) wireguard - update peer info on "get" command;
*) wireless - added "eap-identity" to registration table;
*) wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
*) wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
*) x86 - added support for Emulex NIC;
*) x86 - i40e updated driver to 2.27.8 version;
*) x86 - remove unnecessary console output on shutdown;