Manual:RouterOS6 news: Difference between revisions
Jump to navigation
Jump to search
m →Tools |
No edit summary |
||
(27 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
__TOC__ | __TOC__ | ||
{{ Warning | This guidance is kept for archival purpose and information in it are not updated. Latest RouterOS v6 changes you can find [https://mikrotik.com/download/changelogs here]! }} | |||
==General== | ==General== | ||
* Updated drivers and | * Updated drivers and Kernel (to linux-3.3.5) | ||
* Initial [[Manual:OpenFlow | OpenFlow]] support | * Initial [[Manual:OpenFlow | OpenFlow]] support | ||
* Hotspot mac-cookie login method (mostly used for smartphones) | * New [[Manual:LCD_TouchScreen | LCD Touch screen]] features | ||
* Configurable | * Hotspot [[Manual:Hotspot_Introduction#MAC_Cookie|mac-cookie login method]] (mostly used for smartphones) | ||
* | * Configurable Kernel options in '''/ip settings''' and '''/ipv6 settings''' menu (ip forward, rp filters etc) | ||
* ARP timeout can be changed in '''/ip settings''' | |||
* Neighbor discovery can be disabled by default on dynamic interfaces in '''/ip neighbor discovery settings''' menu | * Neighbor discovery can be disabled by default on dynamic interfaces in '''/ip neighbor discovery settings''' menu | ||
* To enable/disable discovery on interface you now must use command: "'''/ip neighbor discovery set (interface number/name) discover=yes/no'''". | |||
* Show <var>last-logged-in</var> in users list | * Show <var>last-logged-in</var> in users list | ||
* GRE supports all protocol encapsulation, not just ip and ipv6; | * GRE supports all protocol encapsulation, not just ip and ipv6; | ||
* Slave flag shows up for interfaces that are in bridge,bonding or switch group; | |||
* SSH client has new property <var>output-to-file</var>, useful for scripting. | |||
* Support for [[M:API | API]] over TLS (SSL) | |||
* [[M:API | API]] is now enabled by default | |||
* DNS retry queries with tcp if truncated results received | |||
* DNS rotates servers only on failure | * DNS rotates servers only on failure | ||
* DNS cache logs requests to topics "dns" and "packet"; | * DNS cache logs requests to topics "dns" and "packet"; | ||
* [[M:Webfig | WebFig]] now supports RADIUS authentication (via MS-CHAPv2) | |||
* New Web Proxy parameter <var>max-cache-object-size</var> | |||
* Increased Max client/server connection count for Web Proxy | |||
* If NTP client is enabled, logs show correct time and date when router was rebooted. | |||
* [[Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_switch_chip_in_RouterOS_v6 | 802.1Q Trunking]] with Atheros switch chip | |||
== PPP == | == PPP == | ||
Line 41: | Line 55: | ||
* Possibility to add [[Manual:IP/DHCP_Relay | DHCP]] relay agent information option (Option 82) | * Possibility to add [[Manual:IP/DHCP_Relay | DHCP]] relay agent information option (Option 82) | ||
* DHCPv6 DNS option support | * DHCPv6 DNS option support | ||
* DHCPv6 Relay support | |||
* DHCP server RADIUS framed route support | |||
* DHCP option configuration per lease | |||
==IpSec== | ==IpSec== | ||
Line 57: | Line 74: | ||
* For peers with full IP address specified system will auto-start ISAKMP SA negotiation. | * For peers with full IP address specified system will auto-start ISAKMP SA negotiation. | ||
* generate-policy now can have <var>port-strict</var> value which will use port from peer's proposal | * generate-policy now can have <var>port-strict</var> value which will use port from peer's proposal | ||
* Source address of phase1 is now configurable | |||
==Certificates== | ==Certificates== | ||
Line 65: | Line 82: | ||
* Ipsec and SSTP respects CRLs | * Ipsec and SSTP respects CRLs | ||
* SCEP server/client support | * SCEP server/client support | ||
* Certificate manager now can issue self signed certificates. | |||
== Routing == | == Routing == | ||
Line 77: | Line 95: | ||
* improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues; | * improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues; | ||
* /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple; | * /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple; | ||
* new default queue types: pcq-download-default and pcq-upload-default; | * new default queue types: <var>pcq-download-default</var> and <var>pcq-upload-default</var>; | ||
* simple queues have separate priority setting for download/upload/total; | * simple queues have separate priority setting for download/upload/total; | ||
* global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5; | * <var>global-in</var>, <var>global-out</var>, <var>global-total</var> parent in /queue tree is replaced with <var>global</var> that is equivalent to global-total in v5; | ||
* simple queues happen in different place - at the very end of postrouting and local-in chains; | * simple queues happen in different place - at the very end of postrouting and local-in chains; | ||
* simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue; | * simple queues <var>target-addresses</var> and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue; | ||
* simple queues dst-address parameter is changed to dst and now supports destination interface matching; | * simple queues <var>dst-address</var> parameter is changed to dst and now supports destination interface matching; | ||
== Compact configuration export == | == Compact configuration export == | ||
Line 93: | Line 110: | ||
/export verbose file=myConfig | /export verbose file=myConfig | ||
</pre> | </pre> | ||
==Tools== | ==Tools== | ||
* [[Manual:Fast_Path | FastPath]] support | * [[Manual:Fast_Path | FastPath]] support | ||
* Renamed e-mail | * Renamed e-mail <var>tls</var> to <var>start-tls</var> and added it as a configurable parameter | ||
* [[Manual:Tools/Fetch | Fetch tool]] now has HTTPS support | * [[Manual:Tools/Fetch | Fetch tool]] now has HTTPS support | ||
* Added ipv6 header support for traffic generator | * Added ipv6 header support for traffic generator | ||
* Playback pcap files into network using new trafficgen <var>inject-pcap</var> command | * Playback pcap files into network using new trafficgen <var>inject-pcap</var> command | ||
* NAND Flash can be [[Manual:Partitions|Partitioned]] on routerboards and separate versions can be installed on each of | * NAND Flash can be [[Manual:Partitions|Partitioned]] on routerboards and separate RouterOS versions can be installed on each of the partitions | ||
Latest revision as of 08:49, 11 April 2019
Warning: This guidance is kept for archival purpose and information in it are not updated. Latest RouterOS v6 changes you can find here!
General
- Updated drivers and Kernel (to linux-3.3.5)
- Initial OpenFlow support
- New LCD Touch screen features
- Hotspot mac-cookie login method (mostly used for smartphones)
- Configurable Kernel options in /ip settings and /ipv6 settings menu (ip forward, rp filters etc)
- ARP timeout can be changed in /ip settings
- Neighbor discovery can be disabled by default on dynamic interfaces in /ip neighbor discovery settings menu
- To enable/disable discovery on interface you now must use command: "/ip neighbor discovery set (interface number/name) discover=yes/no".
- Show last-logged-in in users list
- GRE supports all protocol encapsulation, not just ip and ipv6;
- Slave flag shows up for interfaces that are in bridge,bonding or switch group;
- SSH client has new property output-to-file, useful for scripting.
- Support for API over TLS (SSL)
- API is now enabled by default
- DNS retry queries with tcp if truncated results received
- DNS rotates servers only on failure
- DNS cache logs requests to topics "dns" and "packet";
- WebFig now supports RADIUS authentication (via MS-CHAPv2)
- New Web Proxy parameter max-cache-object-size
- Increased Max client/server connection count for Web Proxy
- If NTP client is enabled, logs show correct time and date when router was rebooted.
- 802.1Q Trunking with Atheros switch chip
PPP
- SSTP can now force AES encryption instead of default RC4
- PPP profile now has bridge-path-cost amd bridge-port-priority parameters
- Secrets shows last-logged-out date and time
- Hotspot and PPP now support multiple address-lists
- Only 2 change mss mangle rules are created for all ppp interfaces;
Firewall
- New all-ether,all-wireless,all-vlan,all-ppp interface matchers
- Priority matcher
- New change-dscp options from-priority and from-priority-to-high-3-bits
- New Mangle Actions snif-tzsp,snif-pc
Wireless
- Wireless Channels options - creating custom channel lists
DHCP
- DHCP client now support custom options
- DHCP v4 client now have special-classless option for add-default-route parameter
- Possibility to add DHCP relay agent information option (Option 82)
- DHCPv6 DNS option support
- DHCPv6 Relay support
- DHCP server RADIUS framed route support
- DHCP option configuration per lease
IpSec
Significantly improved Road Warrior setup usage with Mode Configuration support.
Detailed configuration example can be found in the manual.
Full list of new features:
- Mode Conf support (unity split include, address pools, DNS)
- Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
- Xauth support ( xauth PSK and Hybrid RSA)
- Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
- Peer groups
- Multiple peers with the same IP can be used.
- For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
- generate-policy now can have port-strict value which will use port from peer's proposal
- Source address of phase1 is now configurable
Certificates
- CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
- For certificates marked as trusted=yes, CRL will be automatically updated once in an hour from http sources;
- Ipsec and SSTP respects CRLs
- SCEP server/client support
- Certificate manager now can issue self signed certificates.
Routing
- New OSPF parameter use-dn. Forces to ignore DN bit in LSAs.
- Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
- Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.
Queues
- improved overall router performance when simple queues are used
- improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
- /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
- new default queue types: pcq-download-default and pcq-upload-default;
- simple queues have separate priority setting for download/upload/total;
- global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
- simple queues happen in different place - at the very end of postrouting and local-in chains;
- simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
- simple queues dst-address parameter is changed to dst and now supports destination interface matching;
Compact configuration export
Now by default configuration is exported in compact mode.
To make full config export verbose parameter should be used:
/export verbose file=myConfig
Tools
- FastPath support
- Renamed e-mail tls to start-tls and added it as a configurable parameter
- Fetch tool now has HTTPS support
- Added ipv6 header support for traffic generator
- Playback pcap files into network using new trafficgen inject-pcap command
- NAND Flash can be Partitioned on routerboards and separate RouterOS versions can be installed on each of the partitions
[ Top | Back to Content ]