Описание прошивки MikroTik RouterOS 7.9
Компания MikroTik обновила версию прошивки на канале stable до версии 7.9
Прошивку можно скачать с сайта https://mikrotik.com/download
Дата выхода прошивки: 02.05.2023
Версия прошивки 7.9 содержит такие доработки и исправления:
What’s new in 7.9 (2023-May-02 08:35):
*) bgp – improved BGP VPN selection;
*) bridge – added warning log when “ageing-time” exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge – fixed FastPath when setting “use-ip-firewall-for-vlan” or “use-ip-firewall-for-pppoe” without enabled “use-ip-firewall”;
*) certificate – fixed bogus log messages;
*) chr – fixed public SSH key pulling when running on AWS;
*) console – added “/task” submenu (CLI only);
*) console – added option to create new files using “/file add” command (CLI only);
*) console – improved stability when doing “/console inspect” in certain menus;
*) console – improved stability when editing long strings;
*) console – improved system stability;
*) console – removed bogus “reset” command from “/system resource usb” menu;
*) console – rename flag “seen reply” to “seen-reply” under “/ipv6 firewall connection” menu;
*) console – replaced “fingerprint” with “skid” in “/certificate print”;
*) console – show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container – fixed invoking “container shell” more than once;
*) container – improved “container pull” to support OCI manifest format;
*) defconf – added CAPs mode script for wifiwave2 devices;
*) detnet – fixed interface state detection after reboot;
*) dhcp – changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server – release lease if “check-status” reveals no conflict;
*) disk – improved system stability when removing USB while formatting;
*) ethernet – fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem – fixed partition “copy-to” function;
*) firewall – added “connection-nat-state” to IPv6 mangle and filter rules;
*) health – added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health – fixed bogus value reporting for CRS510 device;
*) ike2 – fixed minor logging typo;
*) ipsec – added error log message when peer ID does not match certificate;
*) ipsec – fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec – refactor X.509 implementation;
*) ipv6 – added “valid” and “lifetime” parameters for SLAAC IPv6 addresses;
*) ipv6 – send out RA packet with “preferred-lifetime” set to “0” when IPv6 address is deactivated;
*) l3hw – improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds – disable LEDs after “/system shutdown”;
*) lte – capped maximum lifetime of SLAAC address to 1 hour;
*) lte – fixed CA band clearing on RAT mode change;
*) lte – fixed duplicate IPv6 route for lte interface when “ipv6-interface” setting is used;
*) lte – fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte – fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte – fixed R11-LTE-US in LTE passthrough mode;
*) lte – fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte – fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte – fixed second modem halt on dual R11e-LTE6 setup;
*) lte – improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP “preferred-afi” parameter;
*) netinstall-cli – improved device reinstall on failed attempt;
*) netwatch – added “startup-delay” setting (CLI only);
*) netwatch – improved ICMP status evaluation when no reply was present;
*) netwatch – limit “start-delay” range;
*) ospf – fixed processing of fragmented LSAs;
*) ovpn – added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn – improved system stability for Tile devices;
*) quickset – fixed displaying of “SINR” when value is 0;
*) rose-storage – added option to nvme-discover with hostname (CLI only);
*) rose-storage – fixed crash on nvme-tcp disable;
*) rose-storage – fixed rsync transfer permissions;
*) rose-storage – various stability fixes;
*) route – fixed “dynamic-id” for VRF tables;
*) route – improved system stability when making routing decision;
*) route – show SLAAC routes under the “/routing route” menu;
*) route-filter – improved stability when matching blackhole routes;
*) routerboot – added “preboot-etherboot” and “preboot-etherboot-server” settings (“/system routerboard upgrade” required) (CLI only);
*) sfp – added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp – allow modules that hold “TX_FAULT” high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp – allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp – fixed “rate-select” functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp – fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp – improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp – improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp – improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp – fixed SNMPv3 “Reportable” flag behavior;
*) snmp – improved outputting of routes;
*) socks – added VRF support;
*) ssh – added Ed25519 host key support;
*) ssh – added support for Ed25519 key export and import in PKCS8 format;
*) ssh – do not allow SHA1 usage with strong crypto enabled;
*) ssh – improved service responsiveness when changing SSH service settings;
*) ssh – improved SSH key import process;
*) storage – mount RAM drive for devices with 32MB flash;
*) supout – added DHCP server network section;
*) switch – fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch – improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch – improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone – updated timezone information from “tzdata2023c” release;
*) vrrp – added “self” value for “group-master” setting;
*) vxlan – added forwarding table;
*) vxlan – fixed packet drops when host moves between remote VTEPs;
*) webfig – added inline comments;
*) webfig – fixed “Destination” value under “MPLS/Forwarding-Table” menu;
*) webfig – fixed issue where “Certificate” value disappears under “IP/Services” menu;
*) webfig – fixed issue where entries might be missing under “IP/DHCP-Server” menu;
*) webfig – various stability fixes;
*) wifiwave2 – added “radio/reg-info” command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 – added ability to configure antenna gain;
*) wifiwave2 – added ability to configure beacon interval and DTIM period;
*) wifiwave2 – added information on additional interface capabilities to radio parameters;
*) wifiwave2 – automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 – exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 – fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 – fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 – fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 – fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 – fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 – improved general interface stability;
*) wifiwave2 – improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 – improved WPS connection speed;
*) wifiwave2 – increased maximum value for “channel.frequency” to 7300;
*) wifiwave2 – show information on captured packets and added ability to save them locally in a pcap file;
*) winbox – added “MTU” and “Hoplimit” properties under “IPv6/Routes” menu;
*) winbox – added “Preferred AFI” property under “MPLS/LDP-Instance” menu;
*) winbox – added “S” flag under “IPv6/Firewall/Connections” menu;
*) winbox – added “Tx Power” property under “Wifiwave2/Status” menu;
*) winbox – added “Tx Queue Drops” property under interface settings “Traffic” tab;
*) winbox – added “Username” and “Password” properties under “Container/Config” menu;
*) winbox – added “Valid” and “Preferred” properties under “IPv6/Address” menu;
*) winbox – added missing properties for “Remote ID Type” under “IP/IPsec/Identities” menu;
*) winbox – changed route flag name from “invalid” to “inactive”;
*) winbox – fixed “TLS” property under “Tools/Email” menu;
*) winbox – fixed “Type” property under “System/Disk” menu when “rose-storage” package is installed;
*) winbox – fixed changing slot name under “System/Disk” menu;
*) winbox – fixed default value for “Allow managed” property under “Zerotier” menu;
*) winbox – fixed duplicate “My ID” column under “IP/IPsec/Identities” menu;
*) winbox – fixed minor typo in “WifiWave2/Radios” menu;
*) winbox – fixed missing “Sector Writes” for certain devices under “System/Resources” menu (introduced in v7.8);
*) winbox – improved Ethernet advertise, speed and duplex settings;
*) winbox – only show permitted countries for wifiwave2 interfaces;
*) winbox – show missing “Designated Bridge” and “Designated Port Number” monitoring data under “Bridge/Port menu;
*) www – allow unsecure HTTP access to REST API;
*) x86 – fixed changing software-id (introduced in v7.7);
*) zerotier – upgraded to version 1.10.3;
Как обновить прошивку MikroTik RouterOS stable 7.9
Самый доступный метод обновление прошивки – через Winbox или web интерфейс(раздел Webfig).
Также можно воспользоваться окном Терминала(Terminal) в Winbox.