Software update: RouterOS 7.11

MikroTik has released version 7.11 of RouterOS. RouterOS is an operating system focused on performing router tasks. That of course includes routing network traffic, but also bandwidth management, a firewall, controlling wireless access points, a hotspot gateway and a VPN server. It can run on MikroTik hardware as well as on x86 or virtual machines. A licence is required for use, which is included with the purchase of MikroTik hardware. The changelog for this release can be found below.

What's new in 7.11:
  • api - disallow executing commands without required parameters
  • bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only)
  • bfd - improved system stability
  • bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only)
  • bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads
  • bluetooth - added new AD structure type "service-data" for Bluetooth advertisement
  • bridge - added more STP-related logging
  • bridge - added warning when VLAN interface list contains ports that are not bridged
  • bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath
  • bridge - fixed MSTP BPDU aging
  • bridge - fixed MSTP synchronization after link down
  • bridge - prevent bridging the VLAN interface created on the same bridge
  • certificate - allow to import certificate with DNS name constraint
  • certificate - fixed PEM import
  • certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7)
  • certificate - improved CRL download retry handling
  • certificate - removed request for "passphrase" property on import
  • certificate - require CRL presence when using "crl-use=yes" setting
  • certificate - restored RSA with SHA512 support
  • conntrack - fixed "active-ipv4" property
  • console - added ":convert" command
  • console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z)
  • console - fixed incorrect date when printing "value-list" with multiple entries
  • console - fixed minor typos
  • console - fixed missing "parent" for script jobs (introduced in v7.9)
  • console - fixed missing return value for ping command in certain cases
  • console - fixed printing interval when resizing terminal
  • console - improved flag printing in certain menus
  • console - improved stability and responsiveness
  • console - improved stability when canceling console actions
  • console - improved stability when using fullscreen editor
  • console - improved timeout for certain commands and menus
  • console - improved VPLS "cisco-id" argument validation
  • container - added IPv6 support for VETH interface
  • container - added option to use overlayfs layers
  • container - adjust the ownership of volume mounts that fall outside the container's UID range
  • container - fixed duplicate image name
  • container - fixed IP address in container host file
  • defconf - do not change admin password if resetting with "keep-users=yes"
  • dhcp-server - fixed setting "bootp-lease-time=lease-time"
  • discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8)
  • dns - improved system stability when processing static DNS entries with specified address-list
  • ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device
  • ethernet - improved interface stability for CRS312 device
  • fetch - improved timeout detection
  • firewall - added warning when PCC divider argument is smaller than remainder
  • firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets
  • firewall - improved system stability when using "endpoint-independent-nat"
  • graphing - added paging support
  • health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices
  • health - fixed configuration export for "/system/health/settings" menu
  • hotspot - allow number as a first symbol in the Hotspot server DNS name
  • ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10)
  • ike2 - improved SA rekeying reply process
  • ike2 - improved system stability when closing phase1
  • ike2 - improved system stability when making configuration changes on active setup
  • ike2 - log "reply ignored" as non-debug log message
  • ipsec - fixed public key export (introduced in v7.10)
  • ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10)
  • ipsec - improved IKE2 rekey process
  • ipsec - properly check ph2 approval validity when using IKE1 exchange mode
  • l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties
  • l3hw - fixed /32 and /128 route offloading after nexthop change
  • l3hw - fixed incorrect source MAC usage for offloaded bonding interface
  • l3hw - improved system responsiveness during partial offloading
  • l3hw - improved system stability during IPv6 route offloading
  • l3hw - improved system stability
  • led - fixed manually configured user LED for RB2011
  • leds - blink red system-led when LTE is not connected to the network on D53 devices
  • leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices
  • lora - added new EUI field
  • lora - added uplink message filtering option using NetID or JoinEUI
  • lora - moved LoRa service to IoT package
  • lora - properly apply configuration changes when multiple LoRa cards are used
  • lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards
  • lte - added "at-chat" support for Dell DW5821e-eSIM modem
  • lte - added "at-chat" support for Dell DW5829 modem
  • lte - added "at-chat" support for Fibocom L850-GL modem
  • lte - added "at-chat" support for SIMCom 8202G modem
  • lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM
  • lte - added extended support for Neoway N75 modem
  • lte - fixed Dell DW5221E "at-chat" support
  • lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1)
  • lte - fixed NR SINR reporting for Chateau 5G
  • lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection
  • lte - fixed Telit LE910C4 "at-chat" support
  • lte - improved initial interface startup time for SXT LTE 3-7
  • lte - improved system stability when changing the "radio" state for MBIM modems
  • lte - only listen to DHCP packets for LTE passthrough interface in auto mode when looking for the host
  • modem - added initial support for BG77 modem DFOTA firmware update
  • modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1
  • modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string
  • mpls - improved MPLS TCP performance
  • mqtt - added more MQTT publish configuration options
  • mqtt - added new MQTT subscribe feature
  • netwatch - added "src-address" property
  • netwatch - changed "thr-tcp-conn-time" argument to time interval
  • ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10)
  • ovpn - fixed OVPN server peer-id negotiation
  • ovpn - fixed session-timeout when using UDP mode
  • ovpn - improved key renegotiation process
  • ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file
  • ovpn - properly close OVPN session on the server when client gets disconnected
  • package - treat disabled packages as enabled during upgrade
  • poe - fixed missing PoE configuration section under specific conditions
  • poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7)
  • pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive
  • profile - added "container" process classifier
  • profile - properly classify "console" related processes
  • qos-hw - keep VLAN priority in packets that are sent from CPU
  • quickset - correctly apply configuration when using "DHCP Server Range" property
  • resource - fixed erroneous CPU usage values
  • rose-storage - added "scsi-scan" command (CLI only)
  • rose-storage - added disk stats for ramdisks
  • rose-storage - fixed RAID 0 creation
  • rose-storage - limit striped RAID element size to smallest disk size
  • route - added comment for BFD configuration (CLI only)
  • route - convert BFD timers from milliseconds to microseconds after upgrade
  • routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required)
  • routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required)
  • routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required)
  • routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required)
  • sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10)
  • sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches
  • sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches
  • sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
  • sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
  • sms - increased wait time for modem startup
  • ssh - fixed host public key export (introduced in v7.9)
  • ssh - fixed private key import (introduced in v7.9)
  • ssh - fixed SSH key agreement on the client side when ed25519 used under server settings
  • ssh - fixed user RSA private key import
  • switch - fixed "reset-counters" for "switch-cpu"
  • switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering
  • switch - improved multicast packet forwarding on MT7621
  • system - disallow setting a non-existing CPU core number for system IRQ
  • system - increased maximum supported CPU core count to 512 on CHR and x86
  • system - reduced RAM usage for SMIPS devices
  • tftp - improved file name matching
  • user - added "sensitive" policy requirement for SSH key and certificate export
  • w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices
  • webfig - added option to enable wide view in item list
  • webfig - fixed "Connect To" configuration changes for L2TP client
  • webfig - fixed gray-out italic font for entries after enable
  • webfig - use router time zone for date and time
  • wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only)
  • wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k)
  • wifiwave2 - added option to filter frames captured by the sniffer command (CLI only)
  • wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect
  • wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only)
  • wifiwave2 - enabled PMK caching with EAP authentication types
  • wifiwave2 - fixed "reg-info" information for several countries
  • wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases
  • wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man"
  • wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9)
  • wifiwave2 - improved stability when changing interface settings
  • wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames
  • wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log)
  • wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia"
  • wifiwave2 - use correct status code when rejecting WPA3-PSK re-association
  • winbox - added missing status values for Ethernet and Cable Test
  • winbox - added warning about non-running probe due to "startup-delay"
  • winbox - fixed "Storm Rate" property under "Switch/Port" menu
  • winbox - fixed BGP affinity display
  • winbox - fixed default "Ingress Filtering" value under "Bridge" menu
  • winbox - improved supout.rif progress display
  • winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu
  • wireguard - fixed peer connection using DNS name on IP change
  • wireguard - fixed peer IPv6 "allowed-address" usage
  • wireless - ignore EAPOL Logoff frames
  • x86 - updated e1000 driver

Version number 7.11
Release status Final
Website MikroTik
Download https://mikrotik.com/download
Licence type Freeware/Paid

By Bart van Klaveren

Downloads and Best Buy Guide

15-08-2023 • 16:51


Submitter: J-D

Source: MikroTik


Comments (10)

What makes this better/worse/different compared to, e.g., OPNSense?

@jeroen.wouda @Yarisken @Jerie
Thank you for the replies, it is clear to me now.

[Comment edited by Cybergamer on 23 July 2024 05:39]

RouterOS offers many more possibilities than OPNSense. Many large Internet providers run on RouterOS. I myself run it on a small scale on a RouterBOARD but have the same possibilities as the large service providers. The difference between, e.g., a KPN and me is the hardware, not the software. That is the same for everyone. Your router determines what you can do with it.
KPN and the like do not use this as far as I know, and certainly not for core tasks; I would sooner expect them to use platforms such as VyOS ( https://vyos.io/ ), which are much more flexible. But often they will simply use equipment from, for example, Juniper.

[Comment edited by tweakhunter on 23 July 2024 05:39]

I think you are mistaken about what large (and by that I mean medium-sized and above) providers use and what they do with it. In any case RouterOS will only be deployed there to a very limited extent, if at all.

More possibilities with RouterOS than with OPNSense? It depends on how you look at it. Target audience and starting point are different. RouterOS positions itself primarily as a router, and also does a lot of switching and some firewalling and other things, while OPNSense is primarily a firewall, also does some routing and tries to bundle a lot of functionality related to firewalling/delivering services (such as proxy, IPS, etc.).

From that it almost follows (but that is also a design choice) that RouterOS requires more knowledge to get started than OPNSense does; where OPNSense can be got going with a few clicks, that is somewhat harder with RouterOS.
OPNsense is fully open source but officially runs only on x86-64 (there is a community ARM port, which you have to build yourself). If you want support you have to buy official hardware from Decisio BV. It is pricey (but not as pricey as PfSense with their stuff).

This RouterOS is also based on FreeBSD, but fully proprietary.
Not FreeBSD as a base, but Linux
For home use, both offer more than enough.
The advantage for me is that I use a MikroTik with 10 ports. So that is switch, firewall and Wi-Fi access point in one device. Cost price years ago was 120 euros. It has been running here for 8 years without problems.
The newer models no longer have that many ports, but mostly you will go on it via Wi-Fi. Then 5 ports are sufficient. Setting it up is not easy. You do need some networking knowledge.
Is this RouterOS now also on many Mi-Fi devices?
Is this RouterOS now also on many Mi-Fi devices?
Do you mean a MikroTik product (physical or virtual)? Otherwise the answer is a hard no.
Edit: clarification

[Comment edited by ProjWorld on 23 July 2024 05:39]

Tip: if you use anything with VLANs I would skip this version; see the MT forum. Many problems with it are being reported there.
