Описание прошивки MikroTik RouterOS 7.7
Компания MikroTik обновила версию прошивки на канале stable до версии 7.7
Прошивку можно скачать с сайта https://mikrotik.com/download
Дата выхода прошивки: 12.01.2023
Версия прошивки 7.7 содержит такие доработки и исправления:
What’s new in 7.7 (2023-Jan-12 09:35):
*) bgp – added comment functionality for BGP VPN (CLI only);
*) bgp – do not reflect route back to sender;
*) bgp – fixed BGP advertisement PCAP saver;
*) bgp – fixed connection establishment using link-local addresses;
*) bgp – improved BGP advertisement printing;
*) bgp – improved BGP session load distribution across multiple CPU cores;
*) bgp – properly set “bgp-ext-communities” from “communities” list;
*) bluetooth – added unique advertise message filtering;
*) bonding – properly detect VPLS interface state changes;
*) branding – fixed identity setting from branding package;
*) bridge – added support for static MDB entries;
*) bridge – disallow port-controller while the bridge has MSTP enabled;
*) bridge – fixed “edge=yes” setting for MSTP;
*) bridge – fixed MSTP compatibility with STP;
*) bridge – fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge – fixed RSTP BCP with bridged PPP interfaces;
*) bridge – fixed STP blocking state on port-controller;
*) bridge – fixed host moving with fast-path;
*) bridge – fixed incorrect root port blocking for MSTP;
*) bridge – fixed master port conversion;
*) bridge – fixed mst-override port priority for MSTP;
*) bridge – fixed port priority for STP and RSTP;
*) bridge – improved port-controller system stability;
*) bridge – improved system stability when using MSTP and many VLAN mappings;
*) bridge – removed “age” monitoring property from the host table;
*) certificate – improved Let’s Encrypt logging and error recovery;
*) certificate – improved certificate management, signing and storing processes;
*) conntrack – improved system stability when PPTP helper is used;
*) conntrack – improved system stability when processing SCTP connections on TILE;
*) console – updated copyright notice;
*) container – fixed access to “/dev/stderr” from containers;
*) container – fixed handling of groups and usernames from Dockerfile;
*) container – fixed tar extracting;
*) container – made “ram” and “tmp” directories use tmpfs;
*) crs1xx/2xx – fixed “new-customer-pcp” setting for ACL rules;
*) dhcpv6-client – handle receiving of invalid T1 and T2 times;
*) discovery – added “discovered-by” parameter to indicate which protocol discovered the neighbor;
*) discovery – added “mode” parameter for discovery configuration;
*) discovery – fixed neighbor discovery on Mesh interfaces;
*) discovery – report IPv6 LL address if global address does not exist;
*) disk – added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk – improved external storage file system mounting, formatting and naming;
*) dns – do not query upstream DNS servers for matched regex records;
*) dns – fixed changing of “forward-to” parameter for FWD entries;
*) dns – fixed handling of CNAME entry pointing to another FWD entry;
*) dns – fixed handling of FWD entries where “forward-to” is a hostname;
*) dns – fixed incorrect TTL=0 reporting for cached entries;
*) dns – improved resolved static entry addition to address list;
*) dns – improved service stability when CNAME points to a FWD entry;
*) dns – query upstream DNS servers for other record types even if static entry exists;
*) dns – require “write” policy for DNS cache flushing;
*) dns – respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem – fixed repartition on devices with containers;
*) firewall – added “set-priority” option for IPv6 mangle firewall;
*) firewall – made “dynamic” parameter settable for IPv4 address lists;
*) hotspot – added “install-hotspot-queue” parameter to control dynamic queue creation;
*) hotspot – fixed maximum allowed connections limitation;
*) hotspot – fixed minor memory leak after each successful login from WEB;
*) hotspot – improved limitation of maximum allowed connections;
*) hotspot – improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 – disallow “remote-id” setting for identity;
*) ike1 – fixed XAuth responder trying to recreate phase 1;
*) ike1 – improved expired IPsec-SA processing;
*) ike2 – added support for ChaChaPoly1305 encryption;
*) ike2 – added support for DH Group 31 (EC25519) (CLI only);
*) ike2 – fixed rekey notify creation;
*) ike2 – improved certificate payload parsing;
*) interface – do not allow adding invalid “veth” interfaces;
*) interface – improved system stability when handling large packets on CCR2216;
*) interface – show RTL8153 CDC Modem Device as ethernet;
*) ipsec – added “current-address” parameter for peers with DNS address;
*) ipsec – added hardware acceleration support for IPQ-6010;
*) ipsec – added support for AVX optimized SHA acceleration;
*) ipsec – improved “H” (hw-aead) flag presence for accelerated SA’s;
*) ipsec – improved IKE payload processing;
*) ipsec – improved configuration of IPsec proposal auth-algorithms;
*) ipsec – removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 – do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 – do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp – added VRF support for L2TP Ether interfaces;
*) l3hw – fixed host offloading in a case of MAC address change;
*) l3hw – fixed offloaded NAT for CRS309 switch;
*) l3hw – improved system stability when disabling or enabling L3HW offloading;
*) leds – fixed default LED configuration on netFiber 9;
*) leds – fixed turning off LEDs after system shutdown;
*) lte – added AT channel support for Telit FN990;
*) lte – added CA information in 5G mode;
*) lte – fixed error handling on opening AT control channel;
*) lte – fixed new MTU value validation;
*) lte – improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte – properly show leading zeros in MCC and MNC strings;
*) lte – show band number in “ca-band” in NSA mode on Chateau 5G;
*) lte – use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec – fixed packet duplication on Ethernet interface;
*) macsec – fixed packet transmission using traffic-generator;
*) macsec – fixed packet validation;
*) modem – added USB tethering support for Google Pixel 7 devices;
*) mpls – added VPLS LDP information in remote/local-mappings;
*) mpls – fixed assigning of explicit null label for IPv6;
*) netinstall – added “-i ” parameter for Netinstall (CLI Linux);
*) netinstall – fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall – improved automatic netbooting interface selection;
*) netwatch – added support for “https-get” type (CLI only);
*) netwatch – fixed reporting of VRF name in logging messages;
*) netwatch – improved “interval” and “packet-interval” coexistence for ICMP type;
*) ntp – log error message when server is unreachable;
*) ospf – fixed MD5 checksum calculation;
*) ospf – fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf – fixed simple authentication checksum calculation;
*) ospf – fixed virtual-link address selection for PTP links;
*) ovpn – added “CBC” postfix to AES cipher names;
*) ovpn – added “route-nopull” option for client side;
*) ovpn – added hardware acceleration support for IPQ-6010;
*) ovpn – added support for IPv6 tunneling;
*) ovpn – fixed “Called-Station-Id” usage in RADIUS requests;
*) package – fixed missing menus when both “lora” and “wifiwave2” packages are installed;
*) ping – fixed ARP ping;
*) port – added serial port support for Telit FN990 modem;
*) port – do not show unusable USB port on hAP ax^2;
*) port – fixed R11e-LTE6 port mapping;
*) ppp – changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp – do not inherit routing mark for encapsulated packets;
*) ppp – fixed displaying of “info” command for PPP client;
*) ppp – improved authentication method negotiation;
*) pppoe – improved service stability when establishing PPPoE sessions;
*) quickset – fixed addition of bridge filter rules in bridged mode;
*) quickset – fixed interface list member table on configuration changes;
*) quickset – update DNS server IP address when changing router’s IP address;
*) rb4011 – fixed reporting of current CPU frequency and changed default frequency to “auto”;
*) sfp – added 2.5G SFP module support for RB5009;
*) sfp – allow usage of “10G Base-LR” mode for XS+31LC10D module;
*) snmp – added support for “lldpRemLocalPortNum” OID’s;
*) snmp – improved stability when receiving bogus packets;
*) ssh – added support for Ed25519 key exchange;
*) ssh – do not allow SHA1 usage with strong crypto enabled;
*) ssh – fixed handling of non standard size RSA keys;
*) supout – added MSTI and mst-override monitor for bridge MSTP;
*) supout – added missing IPv6 firewall sections;
*) switch – avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch – fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch – fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch – hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch – improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch – improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch – improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch – improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch – improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch – increased the maximum value of “rate” for ACL rules;
*) swos – fixed “allow-from-ports” setting;
*) swos – fixed SwOS configuration changes from RouterOS;
*) swos – improved default SwOS backup file name;
*) system – allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system – improved handling of user policies;
*) timezone – updated timezone information from “tzdata2022g” release;
*) tr069-client – updated data model to version 2.15;
*) traffic-flow – fixed sending of sampling interval;
*) tunnels – added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls – expose VPLS related debug logs to “vpls” logging topic;
*) vrrp – always use slave interface MTU;
*) vrrp – improved interface stability on configuration changes;
*) vxlan – added “local-address” parameter support;
*) vxlan – added VRF support;
*) w60g – improved system stability for Cube Pro devices;
*) webfig – ensure login page is displayed after each log out;
*) webfig – fixed accessing of WebFig when “Interface” menu is disabled by skin;
*) webfig – fixed displaying of VRF routes;
*) webfig – fixed input validation for “VPLS ID” parameter;
*) webfig – fixed setting of “DHCP Option Set” parameter;
*) webfig – improved WEB caching capabilities;
*) webfig – properly detect current location for navigation buttons;
*) webfig – properly show limited number of available options;
*) wifiwave2 – added “datapath” settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 – added “ft-preserve-vlanid” parameter to control whether to change VLAN ID after FT;
*) wifiwave2 – added “provisioning” menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 – added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 – added information of per-station throughput in the registration table;
*) wifiwave2 – added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 – added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 – added more informative log messages on configuration profile changes;
*) wifiwave2 – added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 – do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 – fixed “radio-mac” provisioning matcher;
*) wifiwave2 – fixed 4-way handshake with TKIP;
*) wifiwave2 – improved compliance with regulatory domain information;
*) wifiwave2 – improved general system stability;
*) wifiwave2 – improved system stability when multiple virtual AP are configured;
*) wifiwave2 – properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 – released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 – removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox – added “Active” prefix for current “Circuit ID” and “Cookie Length” fields for L2TP-Ether interfaces;
*) winbox – added “Make Static” button to “IP/DHCP Server/Leases” menu;
*) winbox – added “bus” parameter for “USB Power Reset” command on Chateau ax;
*) winbox – added missing “force” parameter for new “IP/DHCP Server/Options” entries;
*) winbox – added missing “vlan-id” column under “IP/Hotspot/Hosts” table;
*) winbox – do not show LACP related status parameters for other bonding types;
*) winbox – fixed default MTU value for CAP interfaces;
*) winbox – fixed minor typo in “Zerotier” menu;
*) winbox – improved handling of large WinBox protocol messages;
*) winbox – increased maximum number of Winbox read-only sessions 5->25;
*) winbox – properly save “Interfaces/Detect Internet/Detect Internet State” menu in session file;
*) winbox – removed bogus VRF tab from “Interface” menu;
*) winbox – show “Switch” menu on Chateau 5G ax;
*) winbox – show “Switch” menu on NetFiber 9;
*) winbox – show “System/Health/Settings” only on boards that have configurable values;
*) winbox – show “System/RouterBOARD/Mode Button” on devices that have such feature;
*) winbox – show “USB Power Reset” menu on Chateau 5G ax;
*) winbox – show dynamic comment in WifiWave2 registration table;
*) wireless – fixed “nstreme” related parameter control in skins;
*) wireless – fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 – added support for SUN 10G NICs;
*) x86 – improved igc driver support;
Как обновить прошивку MikroTik RouterOS stable 7.7
Самый доступный метод обновление прошивки – через Winbox или web интерфейс(раздел Webfig).
Также можно воспользоваться окном Терминала(Terminal) в Winbox.